Here is an interesting post that I meant to write about a couple days ago. Ed Felten, on his site “Freedom to Tinker” has posted an interesting frightening piece about how easy it would be to access a Diebold voting machine. All you need is a key from a minibar.

On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

This seemed like a freakish coincidence — until we learned how common these keys are.

Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.

Further to this point we had keys at one of my earlier companies that was used to secure a Cisco Secure IDS appliance (circa 1999). I found, much to my amusement, that this key would also allow me access to ANY appliance that was of a similar form factor. Hey, a wedge of plastic and a coat hanger and you can have a new car. Keys are only as secure as we believe them to be I’m afraid.

10 years ago I lived in a condo in downtown Toronto. The lock on my front door broke and I had to get it fixed. When I called the locksmith he arrived and told me that he would have to replace the entire assembly. Not having a clue about these things I simply nodded. He asked me a strange question at this point. He wanted to know if my key was the only one to the condo. Being late for work I didn’t key in (pun intended) as to the devious nature of the question. He “replaced” the lock and gave me the “new key”. After he left, having hosed me for $260 I locked the door and headed to my car. I remembered that my buddy who was staying with me at the time had a key for the “old” lock. I had no way to call him so I made a point to try and get home early.

When I arrived home, Pete was sitting on the sofa watching the Leafs pre-game. The ****ing weasel locksmith screwed me out of $260 and I could not get them to return my calls and when I did get them they denied any wrong doing. Thus began my distrust of locksmiths. To learn more so, as to avoid this type of thing in the future I have read a great deal and visit educational sites like Lockping 101. Keys these days provide little more than the perception of security in many cases.

Read more about the Diebold story…

Article Link

[tags]Diebold Voting Machine, Diebold Security, Voting Machine, Minibar Key Hack[/tags]

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.