The technical team commissioned by the State of Florida to study the technology used in the ill-fated Sarasota election has released its report. (Background: on the Sarasota election problems; on the study.)
One revelation from the study is that the iVotronic touch-screen voting machines are terribly insecure. The machines are apparently susceptible to viruses, and there are many bugs a virus could exploit to gain entry or spread:
We found many instances of [exploitable buffer overflow bugs]. Misplaced trust
in the election definition file can be found throughout the iVotronic software.
We found a number of buffer overruns of this type. The software also contains
array out-of-bounds errors, integer overflow vulnerabilities, and other security
holes. [page 57]
The equation is simple: sloppy software + removable storage = virus vulnerability. We saw the same thing with the Diebold touchscreen voting system.
No comments:
Post a Comment