An examination of the auditability of voter verified paper audit trail (VVPAT) ballots
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
An authentication and Ballot layout attack against an optical scan voting terminal
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Pre-election testing and post-election audit of optical scan voting terminal memory cards
EVT'08 Proceedings of the conference on Electronic voting technology
State-wide elections, optical scan voting systems, and the pursuit of integrity
IEEE Transactions on Information Forensics and Security - Special issue on electronic voting
Automating voting terminal event log analysis
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Determining the causes of AccuVote optical scan voting terminal memory card failures
EVT/WOTE'10 Proceedings of the 2010 international conference on Electronic voting technology/workshop on trustworthy elections
Enhancing the Social Issues Components in our Computing Curriculum: Computing for the Social Good
Proceedings of the 2010 ITiCSE working group reports
Probing the front lines: pollworker perceptions of security & privacy
EVT/WOTE'12 Proceedings of the 2012 international conference on Electronic Voting Technology/Workshop on Trustworthy Elections
Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Hi-index | 0.00 |
The firmware of an electronic voting machine is typically treated as a "trusted" component of the system. Consequently, it is misconstrued to be vulnerable only to an insider attack by someone with an in-depth knowledge of the system and access to the source code. This case study focuses on the Diebold/Premier AccuVote Optical Scan voting terminal (AV-OS) that is widely used in the USA elections. We present three low level manipulations of the above voting terminal's firmware resulting in divergence from its prescribed operation: (i) the first bestows the terminal with a powerful memory card dumping functionality, (ii) the second enables the terminal to leak the ballot details through its serial port thus violating voter privacy during the election, (iii) the final third firmware manipulation is a proof of concept attack that swaps the votes of two candidates thus permanently destroying the election outcome in an undetectable fashion. This demonstrates the extent to which the firmware of the AV-OS can be modified with no insider knowledge or access to the source code. Our results underscore the importance of verifying the integrity of the firmware of electronic voting terminals accompanied by sound auditing procedures to maintain the candor of the electoral process. We also note that this work is performed solely with the purpose of security analysis of AV-OS, and the first and the second firmware manipulations we describe serve a dual purpose in assisting the technological audits of actual voting procedures conducted using AV-OS systems.