Diebold's notoriously insecure voting machines — in use across the USA — have been found to have an even deeper vulnerability than previously known. A new report by Harri Hursti, released on BlackBoxVoting, documents how an attacker with a few moments' of private physical access to a machine could compromise it and load it with his own software, compromising every function of the machine, including the ability to count votes.
Ed Felten and Avi Rubin have written an excellent summary and analysis of the Hursti paper and published it on Freedom to Tinker — if you care about whether you vote gets counted in 2006, read this now.
Hursti's findings suggest the possibililty of other attacks, not described in his report, that are even more worrisome.
In addition, compromised machines would be very difficult to detect or to repair. The normal procedure for installing software updates on the machines could not be trusted, because malicious code could cause that procedure to report success, without actually installing any updates. A technician who tried to update the machine's software would be misled into thinking the update had been installed, when it actually had not.
On election day, malicious software could refuse to function, or it could silently miscount votes.
