|

 
|
| | Name : | Ron Crane | Organization : | N/A | Post Date : | 9/30/2005 |
| Section : | .20.3.3.1 | Page no. : | | Line no.: | | Comment : | 9a.
The Guidelines contain many loopholes surrounding firmware, which easily can be used to inject malware into the voting application14:
a. Requirements having to do with the verification of firmware's authenticity (e.g., Vol. II,
§3.3.1(a)(1)), are insufficient to deter an unscrupulous vendor from including malware (including malware loaders) in firmware. The vendor would merely ship systems containing "innocent" firmware to the test lab, while shipping cheating systems to jurisdictions. Deterring and detecting these cheats requires a regime of comprehensive,
randomly-conducted hardware inspections, such as the Nevada Gaming Control Board uses to monitor and enforce the proper performance of electronic gaming machines.15
The Guidelines must require such a regime. | |
|
|