Monday, September 18, 2006

Diebold "security" update

OK, now I'm sure they're just messing with me!

From a post at Freedom To Tinker, via DailyKos:
The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.

Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

This seemed like a freakish coincidence — until we learned how common these keys are.

Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.
Now, this refers to the Diebold Touch Screen voting machine, not the Optical Scanning machines that Connecticut is going to get. I've already shown how those can be opened via this post.

In a way, I can understand the reasoning behind this. The Diebold sales and technical staffs have been criss-crossing the nation peddling these machines. They often stay in the finer hotels. Designing a voting machine that uses the identical key to their suite's mini-bar can be very useful in avoiding an unpleasant billing situation when they check out in the morning.

But the idea that a fucking mini-bar key can open up a voting machine and make it available for hacking is completely outrageous! Jesus, if they made ATM machines 1% as easy to hack, there'd be no bank anywhere that would use them.

No comments: