IrDA Protocol Can 'Totally Compromise System' Without Detection, Warns Federal Voting Standards Website
So far, no state or federal authority --- to our knowledge --- has dealt with this alarming security threat
We hate to pile on... (Or do we?)
But, really, with all the recent discussion of California Sec. of State Bruce McPherson's mind-blowing about-face re-certification of Diebold --- against state law, we hasten to add --- this may be a good time to point out one small item that we've been meaning to mention for a while.
As Jody Holder's recent comment points out, McPherson's silly "conditions" for re-certification of Diebold in California require a few much-less-than-adequate knee-jerk "safe guards" towards protection of the handling of the hackable memory cards in Diebold's voting machines. (Here's McP's full "Certificate of Conditional Certification").
Never mind, as Holder mentions, that the protective seals to be required are easily peeled away without tearing. Or that such voting machines have been stored in poll workers houses for weeks leading up to an election. More to the point, for the moment, there are ways to manipulate the information on those memory cards even without removing them or breaking the seals. This is more of a concern than ever, since it was recently proven, by the now-infamous Harri Hursti hack in Leon County, FL, that changing the information on the memory cards can force election results to be flipped...without a trace being left behind.
On that note, here's the little item we've been meaning to point out. It's a photograph from the side of a Diebold AccuVote
TSx TS6 touch-screen voting machine:
Now we have no idea what that "IrDA" port is meant to be used for with a touch-screen voting machine, but we do know that the IrDA (Infrared Data Association) is an Infrared port used for wireless connection between two devices. We used to have one on the back of our notebook and desktop computers which we used to keep the two systems synched up via wireless data transfers over that Infrared port.
A few election watchdog groups, including some members of the National Institute of Standards and Technology (NIST) who works with the federal authorities on these matters, have issued warnings about the IrDA port and protocols on voting machines. However, little --- if anything --- seems to have been done to mitigate the rather obvious security threat posed, as far as we can tell.
Here's how a page at Microsoft.com, last updated December 4, 2001, explains cable-free Infrafred data transfer on the Microsoft Windows CE operating system (the operating system which happens to be used in Diebold's AccuVote touch-screen voting machines --- like the one pictured above)...
There ya go.
The issue of the IrDA port on touch-screen voting machines hasn't been much discussed as far as we can tell. VotersUnite.org issued an alert mentioning it, with a photograph (seen at right), back on October 26, 2004. The alert warned:
The National Institute for Standards and Technology (NIST) --- who works with the federal Election Assistance Commission (EAC) to develop and recommend guidelines for electronic voting machines --- issued a similar warning [PDF] about the Infrared ports on voting machines in a report which warned "The use of short range optical wireless," like infrared, "particularly on Election Day should not be allowed."
As mentioned, since touch-screen machines have been stored at poll workers' houses and other unsecured locations prior to Election Day, and since data can be transferred to the machines and their memory cards via Infrared --- even without removing the cards or breaking their protective seals --- the IrDA ports would seem to be a tremendous concern.
The NIST report discusses such concerns and some of the troubling security issues with IrDA protocols:
The undated report --- from the EAC's own standards body, NIST --- then goes on to describe how simple and readily available IrDA software drivers are to obtain for use with UNIX and most Windows Operating Systems, including Windows CE. As well, it points out that such software could add executable code to the machines on, or prior to, Election Day and could then delete itself after ithe code has completed its main purpose [emphasis ours]:
Obviously, that last paragraph is very troubling. But also note the section about COTS.
The source code for that "Commercial-Off-The-Shelf" software is what Diebold recently argued that they couldn't provide to North Carolina after they changed their law to require all voting machine vendors to submit such code in order to receive state certification. Diebold went to state court arguing they shouldn't be forced to supply the source code for COTS software. Eventually, they lost that battle, and notified North Carolina they preferred to pull out of the state entirely (if the state wouldn't change the law for them) rather than complying with the state law requiring the submission of all such source code.
And another comment posted to NIST's voting website [PDF] by James C. Johnson on October 5, 2005, also discusses the concern, revealing that the use of the IrDA protocols could be used at any time, even after final "Logic and Accuracy" tests have been performed, and thus "totally compromising the system":
Perhaps some of you have additional thoughts on this matter. Like why such a port would be needed, or even present, on a touch-screen voting machine at all. And why the existence of such a port --- to our knowledge --- has hardly been discussed at all in conjuction with these machines. Especially in light of the now-infamous Leon County, FL "hack test" proving that executable code can be added to Diebold's memory cards resulting in a completely flipped election...as we've said...without a trace being left behind.
CORRECTION: We had previously identified the machine in the article's first photo as a TSx, when it's actually from a slightly older TS6 like those used in Maryland and elsewhere. The second photo, with all of the various ports identified, was originally taken from the Diebold AccuVote TS User's Manual. We have conflicting reports on whether the IrDA port is still used on the newer TSx machines and will try to follow up later with definitive information when we can get it.
UPDATE 6/28/06: Something happened during our import to the new software here at BRAD BLOG to munge up the comments section of this post. We'll see if we can figure out how to restore them correctly. Until then, we've turned off the comments on this post.