Researchers from the Vulnerability Assessment Team at Argonne National Laboratory, administered by the Department of Energy, have successfully demonstrated that Diebold voting machines can be hacked and vote counts changed while leaving no trace of manipulation.
The method is described as being much more simple to accomplish as compared to a previous demonstration conducted by Princeton University which utilized a virus-based attack that exploited vulnerabilities in the Diebold touch screen.
"This is a fundamentally very powerful attack and we believe that voting officials should become aware of this and stop focusing strictly on cyber [attacks]. There's a very large physical protection component of the voting machine that needs to be addressed," says researcher John Warner.
The Argonne team indicated that the attack could be accomplished with little technical skills and a few dollars in off-the-shelf hardware.
"The cost of the attack that you're going to see was $10.50 in retail quantities. If you want to use the RF [radio frequency] remote control to stop and start the attacks, that's another $15. So the total cost would be $26," Warner stated.
Though the team has only examined the Diebold Accuvote machines, they believe similar vulnerabilities exist in other varieties of commonly distributed units.
"We believe these man-in-the-middle attacks are potentially possible on a wide variety of electronic voting machines. We think we can do similar things on pretty much every electronic voting machine," said Argonne research team leader Roger Johnston.
Unlike other methods of voter machine tampering, the exploit identified by Argonne researchers leave no evidence that the machines or vote counts have been tampered with.
"The really nice thing about this attack, the man-in-the-middle, is that there's no soldering or destruction of the circuit board of any kind. You can remove this attack and leave no forensic evidence that we've been there," said Warner.
Representatives from the non-partisan advocacy group VerifiedVoting.org have indicated that as many as on-third of all voters in the upcoming 2012 presidential elections will be using voting machines susceptible to this exploit.
"This is a national security issue. It should really be handled by the Department of Homeland Security," said Johnston.