How to Steal an Election by Hacking the Vote - repo.zenk-securit...
How to Steal an Election by Hacking the Vote - repo.zenk-securit...
How to Steal an Election by Hacking the Vote - repo.zenk-securit...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
System<br />
Software<br />
Windows CE<br />
Firmware<br />
http://arstechnica.com/articles/culture/evoting.ars<br />
Ballot<br />
Defintion<br />
File<br />
Figure 4: The Diebold Accu<strong>Vote</strong> TS software stack<br />
As you c<strong>an</strong> see from Figure 4, <strong>the</strong> Accu<strong>Vote</strong>'s software stack consists of three<br />
primary layers. At <strong>the</strong> lowest level, closest <strong>to</strong> <strong>the</strong> hardware, sits <strong>the</strong> firmware layer.<br />
The Accu<strong>Vote</strong>'s firmware is <strong>the</strong> first program <strong>to</strong> be loaded in<strong>to</strong> memory when <strong>the</strong><br />
machine boots, <strong>an</strong>d it takes care of loading <strong>the</strong> next layer of <strong>the</strong> stack, which is <strong>the</strong><br />
operating system.<br />
Note: Because all of a DRE's software loads from a pool of internal Flash memory,<br />
DRE vendors tend <strong>to</strong> refer <strong>to</strong> every piece of software in <strong>the</strong> system as "firmware." In<br />
this article, I'll stick <strong>to</strong> <strong>the</strong> st<strong>an</strong>dard firmware/OS/application distinction, just <strong>to</strong> avoid<br />
confusion.<br />
The Accu<strong>Vote</strong>'s operating system is a cus<strong>to</strong>m version of Windows CE. Diebold<br />
licenses Windows CE from Microsoft <strong>an</strong>d modifies it <strong>to</strong> fit <strong>the</strong> Accu<strong>Vote</strong>. (For <strong>the</strong><br />
uninitiated, <strong>the</strong> operating system is really a collection of different software libraries<br />
that h<strong>an</strong>dles all of <strong>the</strong> low-level tasks in <strong>the</strong> system, like reading <strong>an</strong>d writing <strong>to</strong> <strong>the</strong><br />
internal s<strong>to</strong>rage device, displaying things like windows <strong>an</strong>d checkboxes on <strong>the</strong><br />
<strong>to</strong>uchscreen, m<strong>an</strong>aging files <strong>an</strong>d applications, <strong>an</strong>d so on.)<br />
When Windows CE boots on <strong>the</strong> Accu<strong>Vote</strong>, it loads <strong>the</strong> main system software<br />
application that actually h<strong>an</strong>dles <strong>the</strong> ballot display <strong>an</strong>d voting process. The system<br />
software selects <strong>the</strong> proper ballot definition file <strong>to</strong> present <strong>to</strong> <strong>the</strong> voter, <strong>an</strong>d it <strong>the</strong>n<br />
uses that file <strong>to</strong> record <strong>the</strong> voter's selections on <strong>the</strong> Flash memory card.<br />
So with this concept of a software stack in mind, let's exp<strong>an</strong>d step 3 from Figure 2 <strong>to</strong><br />
see exactly how <strong>the</strong> Accu<strong>Vote</strong> records <strong>the</strong> voter's <strong>to</strong>uch-screen selections.<br />
B D F<br />
10