Monday, September 18, 2006

OMG!!! “Hotel Minibar” Keys Open Diebold Voting Machines

I don't know whether to laugh or cry, or in which order to do both.

Let's see, some winger will comment that this is no big deal. Many same-model car keys open same-model cars. That doesn't mean your car will be stolen. Unless, of course, you're driving a Lamborghini, and yeah, since whoever props his (or her) feet on that Oval Office desk influences the fortunes of those who can afford a Lamborghini, it matters.

“Hotel Minibar” Keys Open Diebold Voting Machines: "Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes; but nonexperts have trouble appreciating this. Here is an example that anybody, expert or not, can appreciate:

The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.

On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

This seemed like a freakish coincidence — until we learned how common these keys are."