Its running on proprietary software so I worry more about a covert code section in a patch causing the vote to be skewed. This could happen at any computer or any place votes are tabulated - at any application or process level.
Touch screens need calibration sometimes. If calibration went off you might vote for someone that you didn't mean to.
At my polling place it would have been very easy to walk out with a card.
I know one of the ladies that 'certified' these machines. I had to clean up her machine because it was totally hacked. Backweb, subseven and msblaster.exe all on this machine with a serve-u ftp server tons of porn and she thought the cd-rom didn't work right.
That concerned me more than anything.
I did give her my 2 cents about the machines. Electronic voting. ICK.
] Well, I voted today. A few impressions.
] 1. There seemed to be a lot of polling locations around my
] apartment, and a lot of machines. No lines when I showed up
] (at 3). If you DOSed one machine I think it would have little
] effect on the outcome unless a race was very close.
] 2. You can't get access to the machines unless you are
] registered to vote in the district in question. This means
] that you would either have to attack your own district or you
] would need to be able to effectively fake the identity of
] someone in the district of choice while preventing them from
] showing up before or during your visit.
] 3. Old people can easily distract poll workers with stupid
] 4. Swaping the smart cards would have been dead easy. If the
] system could be attacked with a bad smartcard, then you could
] get away with this, and you would have at least 10 minutes to
] play around on the console without drawing any attention.
] 5. You're not in an enclosed booth, so putting a sniffer
] inline between the smart card and the reader might get
] noticed. You'd have to be pretty slick to hide it. Maybe drop
] your copy of the league of women voter's guide on top of the
] reader once the card is inserted. Also, the card snaps into
] place in the reader. That mechanism might interfere with any
] custom hardware, but it depends.
] 6. The smart card reader is attached to the machine with a
] plainly visible rs232 cable. If you were really slick you
] might be able to place a device inline between the reader and
] the cable, but you might get noticed, and certainly such a
] device would be discovered later.
] 7. You could probably Van-Ek phreak polling places. I don't
] think anyone has discussed that. I was happy to see that in
] Georgia they enter you registration on a scantron form. In
] Tennessee they used a computer, which seemed to be network
] conected. I figured one might be able to associate votes with
] people because of that.
] 8. If Diebold could devise a way to make the machine start
] beeping in the event that one of the critical processes
] crashed or the administrative modes were accessed this would
] be a somewhat effective security mechanism. Any attack would
] depend on a lot of slight of hand under the noses of other
] people. Things that make loud noises tend to draw attention.
] Obviously this could never be fool proof.
] 9. The UI was nice. I had some trouble getting the touch
] screen to recognize some of my presses, but all in all it was
] a good voting experience.
RE: Diebold Machines