MCU-in-the-middle attack on Diebold voting machine

Posted on Thursday, September 29th, 2011 in hacks, Prototypes, techniques by the machinegeek

Computerized voting machine vulnerabilities are nothing new, but this video demonstrating a man-in-the-middle wireless attack on a Diebold voting machine takes a different tact than most others. A vulnerability assessment team at Argonne National Laboratories was able to compromise the security of the Diebold machine, rendering it vulnerable by using a homemade MCU board at a total parts cost of less than $12. Adding the remote wireless capability would increase total cost to around $26.

The technique requires initial physical access to the target voting machine in order to install the board on the bus between the touchscreen and the mainboard. (The difficulty of achieving this would be relative to the amount of physical security surrounding the machine.) Once installed, the added hardware can intercept data from the touchscreen and alter input according to a preprogrammed routine, or according to instructions from the remote.

The researchers in this video are simply remotely pressing buttons on the machine’s 0-9 password keypad. It would appear to us that in order to perform an effective, undetectable hack on an election would require additional detailed knowledge about the progression of screens, choices and options available to the voter. This could be more effectively performed if voter’s button presses were transmitted for viewing by the attacker on a remote screen. This would require additional coding and hardware on the remote side, but would really turn this into a killer hack!

We’d be interested in seeing the hardware/software details. Looks like a (very) Dangerous Prototype!

Via Brad Friedman at Salon.

This entry was posted on Thursday, September 29th, 2011 at 3:18 pm and is filed under hacks, Prototypes, techniques. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

One Response to “MCU-in-the-middle attack on Diebold voting machine”

  1. Eddie says:

    Gahh.. . so voting becomes evn less secure. .. Bring back those steampunky mechanical units!

Leave a Reply

Notify me of followup comments via e-mail. You can also subscribe without commenting.

Recent Comments

  • KH: A power-off current draw of 4mA for the Sony A6000 is a defect, product recall territory. It hits the camera battery with unacceptable wear and...
  • KH: Hydroponics is like home automation. Every year you have folks who start projects like these and think it will take off and become a big...
  • KH: Read the linked article. The A6000 has an unusually high standby/sleep current. The adapter's quiescent current is not an issue, but the A6000 sleep current...
  • Drone: Jeez, the very limited DCA: 40A/400A±3.0% capability, no RMS at all, and the CAT=DEATH rating makes this a NO BUY at any price - much...
  • Drone: Back-Story... Quoting: "HydroBot is a modular control system for automating hydroponic gardens." More about it here: Interesting work. But I would like to see...