NEW: Princeton prof says e-vote machines hackable

NEW: Princeton prof says e-vote machines hackable

Company, elections officials say machines are secure
By Michele R. Marcucci, Staff Writer
Article Last Updated: 02/20/2007 04:15:35 PM PST


A Princeton University professor is claiming that some of Sequoia Voting Systems' electronic touchscreen machines can be easily manipulated to throw an election.
In a blow-by-blow on his school Web page and a separate filing for an electronic voting lawsuit in New Jersey superior court, computer science professor Andrew Appel details how he was able to purchase five of the Oakland-based company's AVC Advantage machines off a Web site auctioning government surplus items, pry open the back and access the computer chips that control the vote count.

He said security features the Oakland-based company claimed on its Web site were not in place on the machines he bought for $82 off www.govdeals.com.

``Anybody who has access to one of these machines for 10 minutes unattended could replace the computer program that adds up the votes,'' Appel said.

http://www.insidebayarea.com/oaklandtribune/ci_5266691

Is this something else to file suit about?

``It's a complex matter, and it's now in the hands of people we have confidence in,'' Friese said. Still, both Shafer and Macdonald said they're concerned the equipment was available for sale online. Sequoia's online product guides say the machines' firmware is proprietary and on a closed system, to prevent hacker access. And Shafer said the sale of the equipment online could violate the company's licensing agreements.

the counties and states -- if said licensing agreements were violated, of course. Those same licensing agreements are presumably not signed by Prof. Appel. or others

practices like selling machines in violation of their agreements that the entity could be sued over and that lawsuit could cost the taxpayers money... Well then... don't we taxpayers have a right to complain about the state or counties behavior?

Good point about the online sales.

:hi:

That online sales aspect is such a double edged sword since it benefits both the good guys who want to see the vulnerabilities and prove them and the bad folks who want to see the vulnerabilities and exploit them.

And then there are the election officials who need to be held accountable for setting up the whole mess!

Almost ANYONE with microprocessor training could hack this.

It's not a "complex matter" at all, technically. The Chinese and eastern Europeans have been doing this for years.

This is not rocket science.

for voting machines... why there is plenty of time to play all kinds of computer games..

It uses the Zilog Z-80 chip circa 1977. IIRC 8mhz. The z-80 cannot use an operating system such sa Windows. The Sequoia Advantage uses Firmware, which some have thought gave it better protection against hacking, now that has been proven wrong......

this is really a industry wide architectural problem, The Diebold, ES&S and Sequoia Advanatge DRE's have all been hacked through the same attack vector. This occure because the harware, the guts, the architecture of each of these machines is the same, thusly they are all vulnerable to the same attack.

Plus the fact that these machines have not proven that they can actually count, accurately.

So as soon as someone comes up with a DRE that can count, & prevents known hack vectors, I will consider supporting that machine, for about 5 seconds.....

There's no way to know even if you could.

Audit, for real, or junk e-voting.

:sarcasm: I wonder how much that cutting edge technology costs us? I mean, besides the costs of democracy itself being stolen...

Accurate Counts? Is that what voting machines are supposed to give us? I thought it was just fast, guaranteed elections? :shrug: :rant:

so I guess you can expect new machines to have about 12 year old
technology on them.

386 processors, etc.

Came out in 1985. First certified in NJ in 1986. IT is not a touchscreen, it uses pushbuttons.

is like $3300, while the 30 year old design, the Sequoia Advantage is $6200.

this professor was smart in every way, except that unfortunately
he made his source of voting machines public, and
now that source has dried up.

If www.govdeals.com hadn't been publicized, more voting machines
of different types were to be offered there.

So,I guess it was worth it, but now - good luck buying
used machines.

NC was ditching all sorts of machines, but now they won't
be on E-bay or GovDeals.

Probably will get stripped and sold or given to recyclers.

:(

Everytime a scientist or computer expert comes out w/ a report indicating the obvious -- that these machines are easily hackable -- the companies and the journalists always add that the machine is sealed and nobody would have access to them, etc. etc. etc.

But the FACTORY HAS ACCESS TO THE DAMNED THINGS, the meaintenance people, the technical staff that programs the machines for each election or referendum. They build them to begin with or add the progreams for each election, and it would be even easier for them to maliciously program. That's where the problem is, not with some supposed election worker, tho that would be easy enough as well since the elections workers have access to the machines during sleepovers and at a lot of other times as well I'm sure.

that have been installed just before an election. We have techs with access just before elections.
so many places to create havoc. What to choose? What to choose to done some mischief?