This confirms earlier reports on Diebold Optical Scan equipment, including the University of Connecticut report.
The vulnerabilities identified in this report should be regarded as a minimal set of vulnerabilities. We have pursued the attack vectors that seemed most likely to be successful. Other attack vectors not described here may also be successful and worth pursuing. This work should be seen as a first step in the ongoing examination of the systems, All members of the team strongly believe that more remains to be done in this field and, more specifically, on these systems
The Red Team was able to verify the findings of some previous studies on the AV-OS unit; the impact of these was to alter vote totals in order to change the vote results on that machine
…the attacker launches a low-tech attack that can be discreetly executed at a Precinct Count AV-OS under the watch of a moderately attentive poll worker. The tools for completing the attack are small and easily concealed, and they can be obtained in a typical office
…we were able to discover attacks for the Diebold system that could compromise the accuracy, secrecy, and availability of the voting systems and their auditing mechanisms. That is, the Red Team has developed exploits that absent procedural mitigation strategies can alter vote totals, violate the privacy of individual voters, make systems unavailable, and delete audit trails.
