Part 2. UC Davis testing of Sequoia, Diebold and Hart electronic voting machines

In part one I referenced today’s LA Times report. In this post I quote from the Sec of State’s contract with the University of California at Davis which established three teams to conduct testing of the three “electronic voting systems currently certified in California.”

Sequoia. “The testers were able to gain access to the internals of the system by, for example, unscrewing screws to bypass locks. The screws were not protected by seals. Similarly, plastic covers that were protected by seals could be pried open enough to insert tools that could manipulate the protected buttons without damaging the seals or leaving any evidence that the security of the system had been compromised. The next section reports that “the testers discovered numerous ways to overwrite the firmware of the Sequoia Edge system, using (for example) malformed font files and doctored update cartridges.”

Diebold. “The testers were able to penetrate the GEMS server system by exploiting vulnerabilities in the Windows operating system as delivered and installed by Diebold. Once this access was obtained, they were able to bypass the GEMS server to access the data directly. Further, the testers were able to take security-related actions that the GEMS server did not record in its audit logs.
In the next category they “were able to bypass the physical controls on the AccuVote Optical Scanner using ordinary objects.”

The last machine tested was the Hart system. “Hart software security settings provide a restricted, Hart-defined environment that the testers bypassed, allowing them to run the Hart software in a standard Windows environment. They also found an undisclosed account on the Hart software that an attacker who penetrated the host operating system could exploit to gain unauthorized access to the Hart election management database.” The evaluation continues by stating that “the testers were able to overwrite the eScan software. The team also accessed menus that should have been locked with passwords. Other attacks allowed the team to alter vote totals; these attacks used ordinary objects.”

Without providing the entire report do you feel that your vote is safe and secure?


About Larry Gilbert