Link: 1,000 pages of bad news: Ohio e-voting report released .
The EVEREST researchers described a vulnerability in the ES&S M100 optical scanner in which simply flipping the write-protect switch on the device's CF card to "on" would result in a precinct-wide undercount that's extremely hard to detect. If this switch is activated after the polls are opened and reset before the polls are closed...the internal counts of the m100, and the paper tape reports will be correct and the system will function normally, but the counts of the votes scanned will not be added to the electronic media delivered to the central Board of Elections...
To add to the level of difficulty in detection of the exploit, while the physical ballots are in the ballot box in the correct number and the paper tape shows the correct number, the memory card is delivered to the central Board of Elections where it is read and processed. The current processes in use in most polling places are a simple review of the paper tapes, which would be correct. As such, it is likely that unless close scrutiny or recounts of the precinct were performed that surgical use of this vulnerability would go undetected. Note that this write-protect switch is apparently easy to flip accidentally.
Obviously, turning on the write-protect for the duration of a whole election would cause that machine's precinct to report "zero" votes cast, thereby tipping off election officials that something was wrong. But if a malicious precinct worker were to just reach down periodically and flip the switch on and off during the course of a day's polling, he or she could easily cause a serious undervote that would only be detected by a hand count of the optical scan ballots.
Comments