Public Red Team Report for:
ES&S Unity 3.0.1.1
February 15, 2008
Page 3 of 13
1. Introduction
The Red Team attempted to compromise the physical security and logical security of the
ES&S Voting System. The strategy involved the identification of vulnerabilities and the
development and execution of attacks (exploits) that impact voting system confidentiality,
integrity and availability. Components of the voting system that were evaluated included the
election management software, audit system, reporting system, voter assist terminals,
tabulators, and storage media.
The Red Team focused on identifying and exploiting vulnerabilities. After an exploit was
shown to be feasible, it was further analyzed to identify the enabling factors. This included
determining the potential actors, their familiarity with the target, their likely skill set,
potential window of opportunity and the equipment required to execute the exploit.
The next section, Section 2, provides a detailed description of the ES&S Voting System.
Section 3 describes some of the vulnerabilities identified and the exploits developed during
penetration testing. Section 4 lists the exploits that were unsuccessful. Section 5 provides
concluding remarks.
Comments