US Election Assistance Commission - Voluntary Voting System Guidelines Vote

View Comments

 
Name :   Stanley A. Klein
Organization :   N/A
Post Date :   9/30/2005

General Comments
Comment :  By creating an appropriate interface, an attack on a voting machine can be based on software
resident on another device. Modern cell phones and personal digital assistant (PDA) devices
contain computers suitable for such an attack. An example of this kind of attack would be to
penetrate the voting machine electronically through a smartcard reader port, often used in DRE
machines for voter authorization. The device interface software that would be the focus of this
attack is likely exempt from inspection under the provisions of VVSG Volume 1 Section 1.6
because of status as unmodified “Commercial Off-The-Shelf” software. Plans for an electronic
device that connects a computer to a smart card reader port can be downloaded from the Internet
(at http://www.electronicslab.com/projects/misc/003/). An attack can be pre-programmed by
experts, making it necessary for the attacker only to place a device into the smart card reader and
remove it. The relevant electronics can be made easy to hide in clothing and the connection to the
device in the smartcard port can be made by thin cable or optical wireless, making it very
difficult for polling place officials to see that the attack is taking place. The attack could be
perpetrated for various malicious purposes either in the polling place or during pre-election
setup.