This report presents certain integrity vulnerabilities in the Diebold AV-TSx Voting Terminal. We present two attacks based on these vulnerabilities: one attack swaps the votes of two candidates and another erases the name of one candidate from the slate. These attacks do not require the modification of the operating system of the voting terminal (as it was the case in a number of previous attacks). These attacks against the voting terminal can be launched in a matter of minutes and require only a computer with the capability to mount a PCMCIA card file system (a default capability in current operating systems).

The security problems are present in the system despite the fact that a cryptographic integrity check appears to be employed in the voting system’s memory card. The attacks presented in this report were discovered through direct experimentation with the voting terminal and without access to any internal documentation or the source code from the manufacturer.

The AV-TSx voting terminals are quite different from the AccuVote Optical Scan terminals, and the vulnerabilities presented in this report do not apply to the Optical Scan terminals used by the State of Connecticut.
The AV-TSx terminals are not used in Connecticut.

Full report: TSXVoting_Terminal_Report.pdf (not available)

---