Are your votes really counted?: testing the security of real-world electronic voting systems
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
Pre-election testing and post-election audit of optical scan voting terminal memory cards
EVT'08 Proceedings of the conference on Electronic voting technology
Taking total control of voting systems: firmware manipulations on an optical scan voting terminal
Proceedings of the 2009 ACM symposium on Applied Computing
State-wide elections, optical scan voting systems, and the pursuit of integrity
IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
Automating voting terminal event log analysis
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Determining the causes of AccuVote optical scan voting terminal memory card failures
EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Hi-index | 0.00 |
Recently, two e-voting technologies have been introduced and used extensively in election procedures: direct recording electronic (DRE) systems and optical scanners. The latter are typically deemed safer as many recent security reports have discovered substantial vulnerabilities in a variety of DRE systems. In this paper we present an attack against the Diebold Accuvote optical scan voting terminal (AV-OS). Previously known attacks direct to the AV-OS required physical access to the memory card and use of difficult to find hardware (card reader/writer). Our attack bypasses these issues by using the serial port of the AV-OS terminal and reverse engineering the communication protocol, in essence, using the terminal itself as a reader/writer. Our analysis is based solely on reverse-engineering. We demonstrate how an attacker can exploit the serious security vulnerability of weak (non-cryptographic) authentication properties of the terminal. The attack payload delivers a tampered ballot layout that, depending on the scenario, allows swapping of candidate votes, neutralizing votes, or even shifting votes from one candidate to another.