Integrity Vulnerabilities in the Diebold TSX Voting Terminal
This report presents certain integrity vulnerabilities in the Diebold AV-TSx Voting Terminal. We present two attacks based on these vulnerabilities: one attack swaps the votes of two candidates and another erases the name of one candidate from the slate. These attacks do not require the modification of the operating system of the voting terminal (as it was the case in a number of previous attacks). These attacks against the voting terminal can be launched in a matter of minutes and require only a computer with the capability to mount a PCMCIA card file system (a default capability in current operating systems).
The security problems are present in the system despite the fact that a cryptographic integrity check appears to be employed in the voting system’s memory card. The attacks presented in this report were discovered through direct experimentation with the voting terminal and without access to any internal documentation or the source code from the manufacturer.
Technical reports
