Here’s your answer, courtesy of threat level:
A new study (PDF) on the security of voting machines was released in Ohio on Friday. The report, one of the most comprehensive and informative that I’ve seen yet, contains some pretty astounding information about the security of voting machines that hasn’t been revealed before. Unfortunately, the report isn’t receiving the kind of attention it deserves.
It’s the first independent study to examine machines made by Election Systems & Software, the largest voting machine company in the country — the company’s machines are used in 43 states. (A similar study of voting systems done in California earlier this year did not examine ES&S machines.)
What the researchers discovered is pretty significant.
They found that the ES&S tabulation system and the voting machine firmware were rife with basic buffer overflow vulnerabilities that would allow an attacker to easily take control of the systems and “exercise complete control over the results reported by the entire county election system.”
They also found serious security vulnerabilities involving the magnetically switched bidirectional infrared (IrDA) port on the front of the machines and the memory devices that are used to communicate with the machine through the port. With nothing more than a magnet and an infrared-enabled Palm Pilot or cell phone they could easily read and alter a memory device that is used to perform important functions on the ES&S iVotronic touch-screen machine — such as loading the ballot definition file and programming the machine to allow a voter to cast a ballot. They could also use a Palm Pilot to emulate the memory device and hack a voting machine through the infrared port (see the picture above right).