The Real Hack On Voting Systems... Hacking The Voter Smart Card To Hack The Vote

No instructional here but consider the following scenarios.

What Is a smart card?

A smart card resembles a credit card in size and shape, but inside it is completely different. First of all, it has an inside -- a normal credit card is a simple piece of plastic.

The inside of a smart card usually contains an embedded microprocessor. The microprocessor is under a gold contact pad on one side of the card. Think of the microprocessor as replacing the usual magnetic stripe on a credit card or debit card.

Magnetic stripe technology remains in wide use in the United States except for voter smart cards that do not use the mag stripes. The stripe is really not the best place to store sensitive information.

A smart card carries the intelligence.

The microprocessor on the smart card is usually there for security but it can carry any payload it is designed for. The host computer and card reader actually "talk" to the microprocessor. The microprocessor enforces access to the data on the card. If the host computer read and wrote the smart card's random access memory, it would be no different than a diskette or thumbdrive.

Smarts cards may have up to 8 KB of RAM, 346 kilobytes of ROM, 256 kilobytes of programmable ROM, and a 16-bit microprocessor. The smart card uses a serial interface and receives its power from external sources like a card reader. The processor uses a limited instruction set but can be configured to do any application.

I learned how to program when computers had 256K of memory and we wrote pretty complex spreadsheets on the IBM personal PC platform.

The demonstration that Ed Felton and company from Princeton University demonstrate that given access to a machine which thousands of electoral volunteers do during the election season that it is trivial to hack the code in a machine. 

The fact is if you have the intent, time, motive and skill... one can hack anything. 

Reverse engineering is trivial if you are an accomplished software engineer.  Check this out: http://www.acm.uiuc.edu/sigmil/RevEng/
and http://en.wikipedia.org/wiki/Reverse-engineer.

If you can hack the machine and are able to introduce a polymorphic and self-deleting virus such as the one demonstrated by the Princeton team, you can also hack it to allow the voting machine to "accept" specially configured smart cards to do whatever you want the darn machine to do.  It could have special executables.  It could force buffer overflows a favorite fault injection technique.  Bottom line is you can do a lot with a 256K capable microprocessor.

By the way, most of the voting machine companies would never be able to detect specially constructed viruses because there is no such thing as virus protection for the operating systems that these machines use.  If Windows XP could be hacked by some Bulgarian teenager, what would the possibilities be for a desperate politician or political party?  Perhaps even a construction company that would benefit from a multi-billion dollar bond measure?

This would give new meaning to technical hacking and social engineering... imagine hacking a country, state or bond measure. 

If the voting machine companies want to prove me wrong, then they should open their source code for public inspection.

I dare the voting machine companies to expose their software to prove they are secure.

BTW, here's a list of tools that can be useful for reverse engineering code.

Crocodile http://kastanie.informatik.tu-cottbus.de/crocodile.htm dead link! CXREF - a C language cross referencing and documenting tool. It produces documentation (in LaTeX, HTML, RTF or SGML) including cross-references from C program source code. From Andrew M. Bishop. http://www.gedanken.demon.co.uk/cxref/ Datrix - software source code assessments with the goal of evaluating the maintainability and the evolability of software products. http://www.iro.umontreal.ca/labs/gelo/datrix/ daVinci - a X-Window visualization tool for drawing directed graphs. http://www.tzi.de/~davinci/ Design Recovery Tool http://www.cse.unsw.edu.au/~drt/ DISCOVER - a commercial a software development and maintenance environment Carnegie Mellon University, 1996 http://www.setech.com then bought by MKS (formerly Upspring Software) and integrated into CodeRover. Supports Impact Analysis, Integrity Checker... Commercial, Integration into VisualStudio, JBuilder, Emacs. http://www.mks.com/upspring.shtml GEN++ - an application-generator to support development of analysis tools for the C++ language. From UC Davis and Bell Labs. http://www.cs.ucdavis.edu/~devanbu/genp/ GOOSE - a tool set for analysing the design of object-oriented software systems (FAMOOS project). http://esche.fzi.de/PROSTextern/software/goose/index.html GraphViz - a graph visualization http://www.research.att.com/sw/tools/graphviz/ GraVis http://www-pr.informatik.uni-tuebingen.de/Forschung/GraVis/welcome.html Headway - a commercial source code visualization and comprehension tool for Java and C++ developers. http://www.headwaysoft.com/ IDA - (interactive disassembler) reverse engineering  at low level. http://www.datarescue.com/idabase/ Imagix - a 3D query and visualization tool. http://www.imagix.com inSight tool suite - Nortel. http://case.ispras.ru/insight/index.html Insure+ - a source level run-time debugger for C and C++. http://sdt.cern.ch/Insure/ Introspector - A long term project to extract MetaData from FreeSoftwareTools like the Gcc,Perl,Bash. From James Michael DuPont http://introspector.sf.net Juliet - an IDE extension for NetBeans, Forte, JBuilder, JDeveloper. http://infotectonica.com/juliet/ Klocwork Suite - a commercial suite of RE products targeted at C, C++, and Java. http://www.klocwork.com/ Logiscope - a source code analyser and test coverage tool for C/C++/Fortran. Telelogic. http://sdt.cern.ch/Logiscope/ PBS Portable Bookshelf http://swag.uwaterloo.ca/pbs/ PL/I Analyzer (REFINE) - an interactive workbench used to analyze and reengineer legacy PL/I systems. Phoenix Software Technologists. http://stout.levtech.com/ Refactorit - an IDE extension with metrics and refactorings engine and integration for Forte. http://www.refactorit.com/ Rigi http://www.rigi.csc.uvic.ca/ SHriMP http://shrimp.cs.uvic.ca/ SNiFF+ - supports reverse engineering, configuration management, workspaces and build management and provides a set of browsers and parsers. Commercial. http://www.windriver.com/products/html/sniff.html Source Browser. C Code Browser, non-commercial, Adam Moravanszky. http://n.ethz.ch/student/adammo/ProBrowser.htm SOURCE CODE BROWSER - commercial product by Alajava. http://www.alajava.com/aubjex/products.htm Source Explorer - commercial tool for source code browsing and re-engineering. http://intland.com/html/__source_explorer.html Source Insight - a commercial project oriented program editor with built-in analysis for C/C++, and Java programs. http://www.sourcedyn.com/ Source Navigator http://sources.redhat.com/sourcenav/ http://oimanager.de/sn.htm (Internet Extensions) SPOOL - Spreading Desirable Properties into the Design of Object-Oriented, Large-Scale Software Systems. http://www.iro.umontreal.ca/labs/gelo/spool/ StP - an UML Editor by Software through Pictures. http://www.aonix.com/content/products/stp/stp.html Surveyor - A tool for source code analysis, visualization, and documentation in most popular languages, OS's, and IDE's. http://www.lexientcorp.com Tarantula - Finding software faults by visualizing test results - very specific views on metrics. http://www.cc.gatech.edu/aristotle/Tools/tarantula/ The Small Worlds - is a commercial application for analyzing and visualizing large-scale software, developed by the Information Laboratory. http://www.thesmallworlds.com/ TkSee - Knowledge-Based Reverse Engineering of Legacy Telecommunications Software. http://www.site.uottawa.ca/~tcl/kbre/ Together ControlCenter - commercial round-trip engineering tool for Java. http://www.togethersoft.com Understand C / FORTRAN - an interactive development environment (IDE) tool providing reverse engineering, automatic documentation, metrics and cross referencing of C / FORTRAN source code. http://www.scitools.com/uf.html http://www.scitools.com/ucpp.html VIBRO (VIsualisation BROker Framework) - Visualisation Research Group, participated in SORTIE project. GXL. University of Durham, UK. http://www.csr.uvic.ca/chisel/collab/reports/VIBRO/Report.html Visualize it - a graphical source code visualization tool for Java. http://www.powersoftware.com/vz/ XGVis -  A system for multidimensional scaling and graph layout in any dimension http://www.research.att.com/areas/stat/xgobi/