iTnews

California decertifies 'vulnerable' voting machines

By Jim Carr on Aug 8, 2007 1:59PM

California's secretary of state has decertified the voting machines of four companies, saying the security of their systems is "too flawed to be widely used."

Voting machines from Diebold and Sequoia were decertified, then given conditional re-certification for limited use. Secretary of State Debra Bowen's ruling allows only one machine from each company per polling place, and the companies' products will be required to comply with increased security and post-election auditing procedures for recertification.

The state also decertified voting machines from Hart InterCivic. That company, too, received conditional recertification — it will be required to comply with increased security and post-election auditing procedures — but the state will not limit the number of Hart machines at polling places.

Because the company did not meet a deadline for submitting information, the state also withdrew approval for voting systems from Elections Systems and Software.

The decision means that most voters in California will have to rely on paper ballots in the state’s Feb. 5 presidential election. It likely will lead to long lines and delays in election day results, California election officials said.

The state gave the manufacturers 30 days to develop plans for ensuring the security of their systems' internal configuration and 45 days to propose a network security hardening plan before their systems can be submitted for use in the Feb. 5 primary.

Bowen's decision came in the wake of a report last week by researchers from the University of California that uncovered IT and physical security vulnerabilities in three electronic voting systems. Teams using penetration testing techniques found that electronic voting systems from Diebold, Hart InterCivic and Sequoia are not secure enough to fend off hackers or physical tampering, according to a report from Matt Bishop, principal investigator based at the University of California, Davis.

The researchers found a variety of security flaws in the voting systems. These ranged from weak cryptography keys to ways to overwrite the firmware and boot loader to easily guessable passwords.

"I think voters and counties are the victims of a federal certification process that hasn't done an adequate job of ensuring that the systems made available to them are secure, accurate, reliable and accessible," Secretary Bowen said in a prepared release. "Congress enacted the Help America Vote Act, which pushed many counties into buying electronic systems that — as we've seen for some time and we saw again in the independent UC review — were not properly reviewed or tested to ensure that they protected the integrity of the vote."

Ryan Berg, co-founder and chief scientist of Ounce Labs, a developer of software risk-analysis products, called the vulnerabilities in the systems "very serious." The systems' developers "quite obviously weren't using core security principles" when developing code for the voting machines, he said.

He noted that some of the voting systems had "hard-coded passwords, system information was uploadable without secure procedures, and they were open to buffer overflows." These are "very basic, very simple things to identify" in development, he told SCMagazine.com.

"Just to think our voting system is not susceptible to fraud is a dangerous game," he added. "It's a dangerous game to say we'll rely on honor system, that no one is ever going to do something bad — but that's not the way it works." The security vulnerabilities could be exploited to infect voting systems with viruses or other malicious code that would allow unauthorised access to the voting machines, he added.