This story was out a few days ago, but I haven't seen it diaried here. If it has been, please bring it to my attention and I will take this down.
Both BradBlog and Black Box Voting are reporting that the state of Pennsylvania has sequestered all of it's Diebold voting machines because of a newly discovered vunerability that allows "unauthorized software to be loaded on to the system."
From BradBlog:
The BRAD BLOG has been told on the record, however, by one person involved in the matter, that the vulnerability is a "major national security risk."
[...]
What's also clear is that neither Diebold themselves, nor federal officials at the Elections Assistance Commission (EAC) have been notifying states about the serious problem which apparently affects all Diebold AccuVote touch-screen systems, including both their newer TSx models, and the older TS and TS6 models.
More below...
More from BradBlog:
The BRAD BLOG has confirmed with a top official in Pennsylvania, close to those responsible for giving state certification of voting systems in the Keystone state, that the problem comes from a "feature" that is purposely built into all Diebold touch-screen systems.
"As far as I know, it's present on all TS and TSx machines," he told us. "It relates to potential misuse of the procedure by which Diebold does field updates to the machines. It's not a bug -- it's a deliberate but unwise 'feature'. Every jurisdiction that uses the machines should be notified. Now that the story is out, I suspect they will be. The fix can be applied at any time prior to the next election, however, so there is no particular rush except in states like Pennsylvania, which has a primary in less than two weeks. The fix is administrative and requires no new or modified software."
Bev Harris, of BlackBoxVoting.org (BBV), who described the situation as "horrifying" said in a comment posted on BRAD BLOG earlier today that, "The problem is very serious and because primary elections are being held, releasing even a small part of what makes this security hole so dangerous presents an immediate threat to U.S. elections."
Black Box Voting has published a warning that has been faxed to Utah Lt. Governor, state elections director, Emery County attorney and Emery County commissioners. The link can be found on this page, but as you'll see in the comments, there is a problem with this link. I have downloaded the document, so here's an except that describes the problem with the machines:
The security problems found in Emery County present potentially catastrophic security defects for upcoming elections. The issue extends outside of Emery County to additional states. The identified security vulnerability appears to be:
1) Persistent, with the ability to survive through multiple elections;
2) Difficult to detect, not only for elections official but also for security experts and even for Diebold technicians
3) Flexible, in that the exploit can selectively affect any particular election, candidate or ballot question;
4) Accessible, in that no password, supervisor access or special equipment is needed to invoke the exploit;
5) Difficult to eradicate with any patch, reinstallation, or cleaning procedure; and 6) Likely to be exploited, because the skills needed to exploit the hole are possessed by many programmers and the information needed to conduct the exploit is generally available to the public. The time needed to exploit the security hole is in the range of a week's planning time and 60 seconds for execution.
Links:
Article on Black Box Voting can be found here.
Article on BradBlog can be found here.