[Talk] Hotel Minibar Keys Open Diebold Voting Machines
Nick Simicich
talk@flux.org
Tue, 19 Sep 2006 22:22:51 -0400
On Tue, 2006-09-19 at 16:09, liz@argate.net wrote:
> http://www.freedom-to-tinker.com/?p=1064
>
> Hotel Minibar Keys Open Diebold Voting Machines
> Monday September 18, 2006 by Ed Felten

If our goal is to be able to set up unmanned voting places, like ATMs,
then this is probably important. We want an unpickable lock on our
unmanned ATM - just as we want a hard-to-pick lock on our safe since it
is there when we are not.

If I'm not mistaken, this is a key that would be held by at least one of
the people in the room anyway, no? The machine has to be opened at the
end of the day to take the chip out so that it can be sent to the
central location.

So the point of the lock is not security - the security is provided by
the poll watchers and the poll workers.

But this is more like a strongbox - the sort of strongbox that a cashier
gets who is making change at an event. Someone wants entry to the box,
they ask forcefully and they get it.

Do I not understand this? If I stand at my voting machine and muck with
the lock, do you think I won't get called on it?

I don't think that this is nearly as important as people are making it
out to be - and make no mistake, I think that it is very important that
we have as trustworthy as possible voting. But this lock is just not as
important to security as, say, the people in the room who are part of
the web of trust.

Now that "bumping"
http://www.toool.nl/bumping.pdf#search=%22%22bump%20keys%22%22 is common
knowledge, if we are looking to resist that level of manipulation, we
are probably looking at the locks that IBM used to put on their AIX
boxes - I still have some - the pin has to both be cut at the right
angle and the right depth.

Of course, you could not pick the lock - but on some cases you could
just turn the case upside down.

> Like other computer scientists who have studied Diebold voting machines, we
> were surprised at the apparent carelessness of Diebold's security design. It can
> be hard to convey this to nonexperts, because the examples are technical. To
> security practitioners, the use of a fixed, unchangeable encryption key and the
> blind acceptance of every software update offered on removable storage are
> rookie mistakes; but nonexperts have trouble appreciating this. Here is an
> example that anybody, expert or not, can appreciate:
>
> The access panel door on a Diebold AccuVote-TS voting machine - the door
> that protects the memory card that stores the votes, and is the main
> barrier to the injection of a virus - can be opened with a standard key that
> is widely available on the Internet...
--
Blog: http://majordomo.squawk.com/njs/blog/blogger.html
Atom: http://majordomo.squawk.com/njs/blog/atom.xml
RSS: http://majordomo.squawk.com/njs/blog/atom.rdf