46 Comments
- spanky6256000, on 08/11/2009, -1/+29Fraud and hacking will always be a problem with electronic voting machines. The question is whether or not they're less fraudulent than paper ones.
- goband, on 08/12/2009, -1/+20There's a whole documentary on hacking voting machines, called Hacking Democracy.
Voting machines should be standardized, and the software the machines use should be made public. Anyone should be able to look at the software and petition the government for changes to the software if they see flaws. As it stands, I have positively 0 confidence in our system. I spent 6 years in the military, hoping to support our nation. Now I realize it is broken beyond repair. Too many people are making too much money to change anything.
- brownsound00, on 08/12/2009, -0/+13Clicked article...ctrl+f "Republican"... 0 results found
- 0xABADC0DA, on 08/12/2009, -1/+11Some comments say the article doesn't explain how it works, so here's a basic idea... for this example the 'code' will be DNA base pairs:
Function A: ACAAGATGCCA<return>
Function B: TTGTCCCCCGAT<return>
Function C: CCACCGCCGTA<return>
The <return> takes a code location off the stack (a list of variables and addresses in RAM) and execution continues from that address... normally this causes the function that called it to continue where it left off. But this attack constructs a custom stack that returns into the end of arbitrary functions. So to spell out the code for GATTACA you construct a stack that 'returns' into the end of the functions... return to [1], then [2] then [3]:
Function A: ACAAGATGC[3]CA<return>
Function B: TTGTCCCCC[1]GAT<return>
Function C: CCACCGCCG[2]TA<return>
So what happens is that you 'assemble' small fragments of code from the ends of functions and this creates a new sequence that does whatever you can string together. Which in a large program is pretty much anything. The code is still running from ROM, and no code has been changed, but the flow of execution has been modified to do something completely different.
- Tiak, on 08/11/2009, -0/+10While the attack is of course interesting, is it really more plausible for someone to inconspicuously open up the machine and perform whatever interfacing is necessary to accomplish the arbitrary stack manipulation than it is to simply fill out ballots for multiple individuals?...
- MMOcker, on 08/11/2009, -0/+10...the new technique called "e-bribe" involves paying off positions via paypal....
- inactive, on 08/12/2009, -2/+8I have a degree in computer engineering, and even after some research still have no idea how return-oriented programming works. The article makes no attempt at even a simple description of how the attack is executed or how this type of programming does its thing. It appears that you have to know the contents of the RAM, have access to it, and have a pre-written exploit which you load into the RAM, presumably through some hardware connection. This attack vector seems particularly far-fetched.
- 0xABADC0DA, on 08/12/2009, -1/+6There is NO electronic voting machine that is safe from hacking. The ONLY electronic machines that are safe in any way are machines that only count a physical vote, and only with humans at least verifying the results by hand. Modifying an electronic voting machine, even a counting one, to steal elections is very easy for even a single moderately skilled programmer (or for some counting ones, a single engineer).
To have actual verifiable elections:
1) any citizens can inspect the setup before election starts
2) physical votes in a box
3) can watch votes be tallied after polls close, *at your polling location*, with separate published totals for each polling place; you can verify in the final list that your polling location totals are correct and so can other people for their polls.
If the votes are moved to a central location to count, then the election can be stolen. If you can't verify the totals include correct numbers from your poll location then the election can be stolen. If there are mechanical counters where you can't physically see each vote on paper and verify the count, then the election can be stolen. As an American citizen, you can't verify the vote at your polls even when computers are not involved... which means if our elections are stolen there's no way for us to know about it.
- DaviDTC, on 08/12/2009, -0/+3Why not have a system that does both? You put in your choice on a computer screen and it tallies it there and it also prints out a "receipt" type thing that is hand counted later. You get to handle the receipt to see if the correct vote has been marked. If the counts between hand count and machine count are off by a certain % (assume the same as needed to do a recount) then you know something is up. Some may say it is redundant, but something like voting should have multiple ways to confirm a count to help prevent any hacking/stealing elections.
- 4AntiStupid, on 08/12/2009, -0/+3With physical access you can get into any system. The impracticality of getting physical access to so many machines to make a difference puts this in the silly category.
I still don't think ATM style voting machines are a good idea. The old scan tron sheets have a lower error rate and are easily manually counted. The correct solution is always the simplest that gets the job done as well as any other option.
- AReallyGoodName, on 08/12/2009, -1/+3The CPU the voting machine uses only executes code if it's in the memory address space of the internal ROM.
So instead of just writing in code directly to that space (something they can't do) they force the ROM to branch specific ways by changing the memory card contents.
eg. say you have "If a == b do x else do y"
You can choose which branch of code to execute by modifying the values of a or b on the memory card.
- piieerrrree, on 08/12/2009, -0/+2Paper might be easier to commit fraud through, but machines can do it on a very large scale, and folks will trust a machine counting more than people's counts.
- 0xABADC0DA, on 08/12/2009, -1/+3Yes, because if you fill out multiple ballots you also have to get access to the register of who voted, so you can mark more people as voting so the number of votes matches the number of voters. You also have to physically visit all the polls you want to rig... whereas adding some hardware to dozens of computers in storage is much easier.
Also, if somebody *really* wanted to steal an election it could be an inside job (secret code in the ROM) or adding the extra memory card internally beforehand. Or with access to the source there may be other hacks that work better. And note that this is a *very* secure machine in terms of elections systems, in that it only runs code from ROM. The ones that are used mostly are just generic computers running outdated unpatched versions of Windows and can be hacked in a million other more advanced ways.
- kemp34, on 08/12/2009, -0/+2They never forget who they work for.
- drmsux, on 08/12/2009, -0/+2"The attacker introduces the demonstration attack into the machine through a cartridge with maliciously constructed contents that is inserted into an unused port in the machine."
You still need physical access and this port will most likely be closed during actual election, so you have to work at the voting station, too.
This particular attack can be prevented by ASLR, use of managed code for voting system design (running unmanaged code on such systems is not very smart) and digital signatures on memory cartridges used with machines.
- itinerantspectr, on 08/12/2009, -1/+3One man, 765,248 votes
- freakedguru, on 08/12/2009, -0/+1"This particular attack can be prevented by..."
uh huh.
And when the hell have you seen such properly implemented code in the public? I don't think there's a chance in hell the necessary conditions of funding, competent programmers, competent managers and time will ever align to allow it.
- Gemfinder, on 08/12/2009, -1/+2It's time to ditch these goddamn things.
- inactive, on 08/12/2009, -0/+1That's the elephant in the room of this demonstration. The machines are guarded from the time they arrive at the polling site till the results are gathered. Any hack would have to take place long before the machine was moved to its voting place. Possible... yes. Practical... no.
- LordofShadows, on 08/12/2009, -0/+1Just because you guys are dumb doesn't mean your degree is worthless. When you call a function, it places arguments and a return address on the stack. If you can buffer overflow an argument on the stack you can control where the code returns to. So instead of pointing the processor to code injected on the stack like a normal buffer overflow exploit, you build a stack that executes the code you want by returning into standard library functions before finally returning to original code.
- AReallyGoodName, on 08/12/2009, -0/+1Ohhh I just realised they also change the value where the comparison statement jumps to (which can be a variable in RAM).
So pretty much they can jump to any piece of existing code every time there's a jmp.
It's quite cool in that they don't actually write any new code to memory, they just jump around inside existing code.
- inactive, on 08/12/2009, -0/+1So what exactly is the "return-oriented" part? Wouldn't it be easier to just change the part of the RAM that holds the vote count?
- NeoTechni, on 08/12/2009, -0/+1They use Z80s?
Wait, these things are no more advanced than a gameboy?
- AReallyGoodName, on 08/12/2009, -0/+1The research paper is here.
http://www.usenix.org/events/evtwote09/tech/full_p ...
They don't have access to all of the internal RAM so they can't just write the votes in. A memory card (that usually contains the details of who can be voted for and stores the results) is all they have access to. They replace the legit one with their fake one to load in the malicious code and then swap the legit memory card back in again on all the machines they want to compromise.
There is a stack overflow exploit where more data can be read from the memory card into RAM than should occur. This allows 1 jump to a memory location of their choice.
They then manage to escalate from there, running internal code that loads in more data from the card that allows for more code to be run etc.
- NoTiG, on 08/13/2009, -0/+1"The attacker introduces the demonstration attack into the machine through a cartridge with maliciously constructed contents that is inserted into an unused port in the machine"
Why, oh why, is a voting machine able to read input from ANYTHING but the buttons on the screen? The fact that it reads data from a disk at all is a security vulnerability... a flaw in design. This new technique is over complicating the issue. The fact that they had to insert anything at all means that the machine is reading data from the disk... there is no reason at all for a voting machine to READ from the media it is storing to. It should only write to it... and then you limit security vulnerabilities.
- vroom101, on 08/12/2009, -0/+1Excerpt from the excellent, must-read paper "Return-Oriented Programming: Systems, Languages, and Applications" by Ryan Roemer, Erik Buchanan, Hovav Shacham and Stefan Savage at
http://cseweb.ucsd.edu/~hovav/dist/rop.pdf
. . . We have shown that the return-oriented programming problem extends to both the Linux/x86 and Solaris/SPARC platforms, and we argue that it portends a universal issue. Moreover, we have demonstrated that return-oriented exploits are practical to write, as the complexity of gadget combination is abstracted behind a programming language and compiler. Finally, we argue that this approach provides a simple bypass for the vast majority of exploitation mitigations in use today.
To wit, since a return-oriented exploit relies on existing code and not injected instructions, it is resilient against code integrity defenses. It is thus undetectable to code signing techniques such as Tripwire, Authenticode, Intel's Trusted Execution Technology, or any "Trusted Computing" technology using cryptographic attestation. It will similarly circumvent approaches that prevent control flow diversion outside legitimate regions (such as W⊕X) and most malicious code scanning techniques (such as anti-virus scanners).
Where then does this leave the defender? Clearly, eliminating vulnerabilities permitting control flow manipulation remains a high priority -- as it has for twenty years. Beyond this, there are three obvious design strategies for addressing the problem. First, we can explore hardware and software support for further constraining control flow. For example, dynamic taint checking systems can prevent the transfer of control through stack cells computed from an input [Newsome and Song 2005]. Similarly, we can investigate hardware support for constraining control transfers between functions. A second approach is to address the power of the return-oriented approach itself. We speculate that perhaps function epilogues can be sufficiently constrained to foreclose a Turing-complete set of gadgets. Finally, if these approaches fail, we may be forced to abandon the convenient model that code is statically either good or bad, and instead focus on dynamically distinguishing whether a particular execution stream exhibits good or bad behavior.
- vladimirk, on 08/12/2009, -0/+1That is some good research being done.
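As an added illustration (not from the thread, the article or the cited paper), the following Python models 0xABADC0DA's DNA analogy from earlier in the thread together with the two points in the excerpt above: a hash over the code is unchanged by a return-oriented chain, while a check that constrains control transfers (here a shadow stack) refuses it. The ROM contents, the function names and the shadow-stack check are the toy model's own assumptions.

```python
import hashlib

# Toy 'ROM' (constructed, after the DNA analogy in this thread): three functions,
# each a run of bases followed by an implicit <return>. It is never written to.
ROM = {
    "A": "ACAAGATGCCA",
    "B": "TTGTCCCCCGAT",
    "C": "CCACCGCCGTA",
}


def rom_digest():
    """What a code-signing or attestation check sees: a hash over the ROM."""
    blob = "".join(f"{name}:{ROM[name]}" for name in sorted(ROM))
    return hashlib.sha256(blob.encode()).hexdigest()


def legit_stack(names):
    """Return addresses a normal call sequence pushes: whole-function entries."""
    return [(name, 0) for name in names]


def assemble(target):
    """Forge a stack that spells `target` using only tails of existing functions.

    Greedy: at each step pick the longest function suffix that matches the
    remaining text. Returns [(function, offset), ...] or None if impossible.
    """
    chain, rest = [], target
    while rest:
        best = None  # (tail length, function, offset)
        for name, body in ROM.items():
            for off in range(len(body)):
                tail = body[off:]
                if rest.startswith(tail) and (best is None or len(tail) > best[0]):
                    best = (len(tail), name, off)
        if best is None:
            return None
        chain.append((best[1], best[2]))
        rest = rest[best[0]:]
    return chain


def execute(stack, shadow_stack=None):
    """Consume return addresses in order, running each function from the given
    offset to its <return>. A shadow stack (a copy of the genuine call history
    kept out of reach of attacker-supplied data) turns every mismatching
    return into an error: the ROM is untouched, but the control flow is not.
    """
    executed = []
    for i, (name, off) in enumerate(stack):
        if shadow_stack is not None and (i >= len(shadow_stack) or shadow_stack[i] != (name, off)):
            raise RuntimeError(f"return into {name}+{off} is not on the shadow stack")
        executed.append(ROM[name][off:])
    return "".join(executed)
```

`assemble("GATTACA")` reproduces the chain in the analogy, returning into B, then C, then A at offset 9, and `rom_digest()` is identical before and after executing it.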
- Khast, on 08/12/2009, -2/+3Diebold: That's impossible, we have tested our machines, and they are unhackable. Your vote is perfectly safe...trust us.
IF anything our government should look at common household electronic devices which are locked down....how quickly was the software hacked with "malicious code"? iPhone? PSP? Wii, etc.
- morcheeba, on 08/13/2009, -0/+1http://lmgtfy.com/?q=return-oriented+programming
... or ...
http://cseweb.ucsd.edu/~hovav/talks/blackhat08.htm ...
- DevinWatson, on 08/13/2009, -0/+1The more you know...
- Genma, on 08/12/2009, -0/+1This attack can only be done where the actual voting takes place, after they have been installed and set up. It's still not clear how they would make it appear to be shut off when it's still powered; the crux of this method relies on the altered ROM to stay in memory without getting reset. Not practical but proven it works, so it still matters.
- ranon78, on 08/12/2009, -0/+1Whenever I see a story about voting machines, I think about the Indian Electronic Voting Machines. These have been used for 3 nationwide elections for over 10 years and are a resounding success.
http://en.wikipedia.org/wiki/Indian_voting_machine ...
http://www.bel-india.com/BELWebsite/images/EVM_Fea ...
- Tiak, on 08/12/2009, -0/+1@0xABADC0DA
I'm not exactly certain how things work around you, but where I live (Northern California) our designated polling place has a list of who is scheduled to vote there, on which they check people off as they come to claim a ballot.
While disinterested parties aren't likely to let you claim to be multiple people on their list without some very good disguises and passable fake IDs, they are even less likely to let you walk up to a voting machine, pick the heavy-duty lock, and sit under it for 30 minutes (optimistically) installing a device that allows you to modify the contents of the machine's memory, all in the middle of voting. Alternatively, they could engage in a significant rewiring of machines that would allow a malicious device to draw power on startup, wait until the machine was in a known state, and then do the same, but such an installation would be much more complicated and easy to catch with a simple inspection before or after voting takes place.
Any organization capable of pulling this hack off to any significant effect at a significant number of polling places without tripping any suspicions would be able to accomplish similar feats on ATMs that are less frequently watched, constantly powered, and similarly protected against intrusion, which would make them a much more attractive target.
- Heiios, on 08/12/2009, -1/+1Profound....
- ellienor, on 08/12/2009, -2/+1All of this voting fraud discussion seems somewhat off the point, when the candidates all work at the pleasure of the Financiers...the real Owners/controlling shareholders of the holding companies of the greatest bank and securities institutions....and not only aren't they on the ballot....we may not even know their names. I want to vote for Lord or Baron Rothschild, for starters.
- inactive, on 08/12/2009, -5/+4Oh, the GOP will LOVE this!
- Bigballa5412, on 08/12/2009, -3/+2Paper ballots, done.
Then we can only worry about losing a ton of ballots by leaving them in your car or something equally irresponsible.
But at least they can usually recount the votes, rather than returning to the machine to stare at the results screen.
- inactive, on 08/12/2009, -4/+2So what we have here is one more thing for the right's nutter fringe to take in a completely irrational direction.
- freakedguru, on 08/12/2009, -3/+1"I have a degree in computer engineering..."
To be honest, this doesn't mean much. I have a degree in CS/Software Engineering from a university that is second only to the likes of Stanford and MIT, but I learned more in a weekend at Black Hat / Defcon about internet security than I learned in my entire university career.
- SpookyET, on 08/12/2009, -4/+2My hack says that they rock. :-)
- inactive, on 08/12/2009, -4/+2Republicans 243,000,000
Democrats 512
- SystemicThought, on 08/12/2009, -4/+1DIEBOLD!
- 4AntiStupid, on 08/12/2009, -5/+1He was joking people in the discussion. Duh.
- iatealitlebabie, on 08/12/2009, -10/+4Nickelback sucks.
- inactive, on 08/12/2009, -14/+6Nickleback sucks.
- inactive, on 08/11/2009, -17/+2Oh nooooo!!!! It's the EVIL Republicans!!!