Black Box Voting today released a supplemental report on their study of Diebold touch-screen election machines, and it describes several troubling discoveries.
Perhaps most troubling is another backdoor, which is triggered simply by having a file with a certain name on the memory card:
The start-up program for the ballot station is looking for the existence of [redacted] on the memory card. The file itself can be empty, because the found file, based on the name alone, is a trigger for alternative execution of a general purpose file management utility program instead of the ballot station, therefore enabling access to Operating System. This back door has also been documented in [redacted]:
Of course, once you have access to the operating system directly, you can modify files at will (e.g. votes).
Also odd is a "feature" that will erase the contents of flash memory.
There seems to be a memory card-triggered feature to erase the contents of flash memory. This destructive function was started in the TS6 with the file [redacted], and there are indications that the feature is carried over to the TSx with trigger file [redacted], if it is found on the memory card. This feature was not tested in Emery County and should be examined further.
Putting my tinfoil hat on for a moment, it would seem that this is handy for erasing a program that was previously loaded into flash memory if one had access to the operating system.
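Because both features fire on a file's name alone, and the file can be empty, a pre-deployment check of a memory card has to enumerate every file and compare it with an approved list rather than only verify the files it expects. The sketch below is an added example, not code from the report or from Black Box Voting; the manifest format, the file names and `PLACEHOLDER_TRIGGER` are hypothetical, since the real trigger names are redacted.

```python
import hashlib
import os
import tempfile


def audit_card(card_root, manifest):
    """Compare every file on a mounted card with an approved manifest.

    manifest maps a lower-cased relative path to its expected SHA-256 digest.
    Returns a sorted list of (path, finding); an empty list means a clean card.
    """
    findings, seen = [], set()
    for dirpath, _dirs, files in os.walk(card_root):
        for name in files:
            full = os.path.join(dirpath, name)
            # Assumption: the card's file system ignores case, so compare lower-cased.
            rel = os.path.relpath(full, card_root).replace(os.sep, "/").lower()
            seen.add(rel)
            if rel not in manifest:
                # The name is the trigger, so a zero-byte extra file still counts.
                findings.append((rel, "unexpected (%d bytes)" % os.path.getsize(full)))
                continue
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            if digest != manifest[rel]:
                findings.append((rel, "modified"))
    # Approved files that never showed up on the card.
    findings.extend((rel, "missing") for rel in manifest if rel not in seen)
    return sorted(findings)


def demo():
    """Build a constructed card layout in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as card:
        ballot = b"constructed ballot definition"
        with open(os.path.join(card, "election.dat"), "wb") as fh:
            fh.write(ballot)
        # Empty file with a placeholder name (the real name is redacted).
        open(os.path.join(card, "PLACEHOLDER_TRIGGER"), "wb").close()
        manifest = {
            "election.dat": hashlib.sha256(ballot).hexdigest(),
            "audit.log": hashlib.sha256(b"").hexdigest(),
        }
        return audit_card(card, manifest)


if __name__ == "__main__":
    for path, finding in demo():
        print(path, "->", finding)
```

A hash-only check of the expected files would pass this card; only the full enumeration reports the empty extra file.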
BBV has a nice summary of the report here.
The entire supplemental report can be found here.