The researchers obtained the machine, a Diebold AccuVote-TS, from a private party in May. They spent the summer analyzing the machine and developing the vote-stealing demonstration.
"We found that the machine is vulnerable to a number of extremely serious attacks that undermine the accuracy and credibility of the vote counts it produces," wrote Felten and his co-authors, graduate students Ariel Feldman and Alex Halderman.
In a 10-minute video on their Web site, the researchers demonstrate how the vote-stealing software works. The video shows the software sabotaging a mock presidential election between George Washington and Benedict Arnold. Arnold is reported as the winner even though Washington gets more votes. (The video is edited from a longer continuously shot video; the long single-shot version will be available for downloading from the center's site as well.)
The researchers also demonstrate how the machines "are susceptible to computer viruses that can spread themselves automatically and invisibly from machine to machine during normal pre- and post-election activity."
Felten said that policy-makers should be concerned about malicious software infecting the Diebold AccuVote-TS and machines like it, from Diebold and other companies. "We studied these machines because they were available to us," the researchers wrote in their Web posting. "If we had gotten access to another kind of machine, we probably would have studied it instead."
Felten said, "There is reason for concern about other machines as well, even though our paper doesn't directly evaluate them. Jurisdictions using these machines should think seriously about finding a backup system in time for the November elections."
Felten, a professor of computer science and public affairs who is known for his groundbreaking work in computer security, said that some of the problems discussed in the paper cannot be fixed without completely redesigning the machine.
Other problems can be fixed by addressing software or electronic procedures. "But time is short before the next election," he said.
According to the researchers' paper, the Diebold machine they examined and another newer version are scheduled to be used in 357 U.S. counties representing nearly 10 percent of all registered voters. About half those counties, including all Maryland and Georgia, will use the exact machine examined by Felten's group.
Felten said that, out of security concerns, the Diebold machine infected with the vote-stealing software has been kept under lock and key in a secret location.
"Unfortunately election fraud has a rich history from ballot stuffing to dead people voting," he said. "We want to make sure this doesn't fall into the wrong hands. We also want to make sure that policy-makers stay a step ahead of those who might create similar software with ill intent."
Princeton's Center for Information Technology Policy includes members from diverse departments, including computer science, economics, electrical engineering, operations research and financial engineering, sociology and the Woodrow Wilson School of Public and International Affairs.
More information can be found on the Princeton Engineering News Web site.
News from PRINCETON UNIVERSITY
Office of Communications
22 Chambers St.
Princeton, New Jersey 08542
Telephone (609) 258-3601; Fax (609) 258-1301
From the full paper:
The main findings of our study are:
1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.
2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.
3. AccuVote-TS machines are susceptible to voting-machine viruses--computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and postelection activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.
4. While some of these problems can be eliminated by improving Diebold's software, others cannot be remedied without replacing the machines' hardware. Changes to election procedures would also be required to ensure security.
Comments are closed on this story.