Here is an interesting post that I meant to write about a couple days ago. Ed Felten, on his site “Freedom to Tinker” has posted an interesting frightening piece about how easy it would be to access a Diebold voting machine. All you need is a key from a minibar.
On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.
This seemed like a freakish coincidence — until we learned how common these keys are.
Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.
Further to this point we had keys at one of my earlier companies that was used to secure a Cisco Secure IDS appliance (circa 1999). I found, much to my amusement, that this key would also allow me access to ANY appliance that was of a similar form factor. Hey, a wedge of plastic and a coat hanger and you can have a new car. Keys are only as secure as we believe them to be I’m afraid.
10 years ago I lived in a condo in downtown Toronto. The lock on my front door broke and I had to get it fixed. When I called the locksmith he arrived and told me that he would have to replace the entire assembly. Not having a clue about these things I simply nodded. He asked me a strange question at this point. He wanted to know if my key was the only one to the condo. Being late for work I didn’t key in (pun intended) as to the devious nature of the question. He “replaced” the lock and gave me the “new key”. After he left, having hosed me for $260 I locked the door and headed to my car. I remembered that my buddy who was staying with me at the time had a key for the “old” lock. I had no way to call him so I made a point to try and get home early.
When I arrived home, Pete was sitting on the sofa watching the Leafs pre-game. The ****ing weasel locksmith screwed me out of $260 and I could not get them to return my calls and when I did get them they denied any wrong doing. Thus began my distrust of locksmiths. To learn more so, as to avoid this type of thing in the future I have read a great deal and visit educational sites like Lockping 101. Keys these days provide little more than the perception of security in many cases.
Read more about the Diebold story…
[tags]Diebold Voting Machine, Diebold Security, Voting Machine, Minibar Key Hack[/tags]