Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals.: Arbitrary code execution on optical scan voting terminals

Russell J. Jancewicz; Aggelos Kiayias; Laurent D. Michel; Alexander C. Russell; Alexander A. Shvartsman

doi:10.1145/2480362.2480702

Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals. Arbitrary code execution on optical scan voting terminals

Russell J. Jancewicz, Aggelos Kiayias, Laurent D. Michel, Alexander C. Russell, Alexander A. Shvartsman

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system's firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary code that exploits careless runtime memory management in the system's firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the execution of the arbitrary code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.

Original language	English (US)
Title of host publication	28th Annual ACM Symposium on Applied Computing, SAC 2013
Pages	1816-1823
Number of pages	8
DOIs	https://doi.org/10.1145/2480362.2480702
State	Published - 2013
Externally published	Yes
Event	28th Annual ACM Symposium on Applied Computing, SAC 2013 - Coimbra, Portugal Duration: Mar 18 2013 → Mar 22 2013

Publication series

Name	Proceedings of the ACM Symposium on Applied Computing

Conference

Conference	28th Annual ACM Symposium on Applied Computing, SAC 2013
Country/Territory	Portugal
City	Coimbra
Period	3/18/13 → 3/22/13

Keywords

Buffer overflow
Electronic voting systems
Malicious software

ASJC Scopus subject areas

Software

Access to Document

10.1145/2480362.2480702

Cite this

Jancewicz, R. J., Kiayias, A., Michel, L. D., Russell, A. C., & Shvartsman, A. A. (2013). Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals. Arbitrary code execution on optical scan voting terminals. In 28th Annual ACM Symposium on Applied Computing, SAC 2013 (pp. 1816-1823). (Proceedings of the ACM Symposium on Applied Computing). https://doi.org/10.1145/2480362.2480702

Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals. Arbitrary code execution on optical scan voting terminals. / Jancewicz, Russell J.; Kiayias, Aggelos; Michel, Laurent D. et al.
28th Annual ACM Symposium on Applied Computing, SAC 2013. 2013. p. 1816-1823 (Proceedings of the ACM Symposium on Applied Computing).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jancewicz, RJ, Kiayias, A, Michel, LD, Russell, AC & Shvartsman, AA 2013, Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals. Arbitrary code execution on optical scan voting terminals. in 28th Annual ACM Symposium on Applied Computing, SAC 2013. Proceedings of the ACM Symposium on Applied Computing, pp. 1816-1823, 28th Annual ACM Symposium on Applied Computing, SAC 2013, Coimbra, Portugal, 3/18/13. https://doi.org/10.1145/2480362.2480702

Jancewicz RJ, Kiayias A, Michel LD, Russell AC, Shvartsman AA. Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals. Arbitrary code execution on optical scan voting terminals. In 28th Annual ACM Symposium on Applied Computing, SAC 2013. 2013. p. 1816-1823. (Proceedings of the ACM Symposium on Applied Computing). doi: 10.1145/2480362.2480702

@inproceedings{85e0240591df491eb17328ab1c5272d8,

title = "Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals.: Arbitrary code execution on optical scan voting terminals",

abstract = "This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system's firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary code that exploits careless runtime memory management in the system's firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the execution of the arbitrary code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.",

keywords = "Buffer overflow, Electronic voting systems, Malicious software",

author = "Jancewicz, {Russell J.} and Aggelos Kiayias and Michel, {Laurent D.} and Russell, {Alexander C.} and Shvartsman, {Alexander A.}",

note = "DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.; 28th Annual ACM Symposium on Applied Computing, SAC 2013 ; Conference date: 18-03-2013 Through 22-03-2013",

year = "2013",

doi = "10.1145/2480362.2480702",

language = "English (US)",

isbn = "9781450316569",

series = "Proceedings of the ACM Symposium on Applied Computing",

pages = "1816--1823",

booktitle = "28th Annual ACM Symposium on Applied Computing, SAC 2013",

}

TY - GEN

T1 - Malicious takeover of voting systems: arbitrary code execution on optical scan voting terminals.

T2 - 28th Annual ACM Symposium on Applied Computing, SAC 2013

AU - Jancewicz, Russell J.

AU - Kiayias, Aggelos

AU - Michel, Laurent D.

AU - Russell, Alexander C.

AU - Shvartsman, Alexander A.

N1 - DBLP License: DBLP's bibliographic metadata records provided through http://dblp.org/ are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2013

Y1 - 2013

N2 - This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system's firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary code that exploits careless runtime memory management in the system's firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the execution of the arbitrary code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.

AB - This work focuses on the AccuVote Optical Scan voting terminal (AV-OS) that is widely used in US elections. We present a new attack that can be delivered without opening the system enclosure, and without changing a single bit of the system's firmware. The attack is launched by inserting a maliciously programmed AV-OS memory card into the terminal. The card contains binary code that exploits careless runtime memory management in the system's firmware to transfer control to alternate routines stored in the memory card. Once the control is taken by the injected code, the voting system is forced to operate according to the wishes of the attacker. In particular, given that the attack results in the execution of the arbitrary code, an attacker can completely take over AV-OS operation and compromise the results of an election. It is also noteworthy that once a memory card is compromised it can be duplicated using the native function of the voting terminal. In some past elections it was observed that up to 6% of all memory cards were involved in card duplication. There exists a non-trivial possibility that the infection on one memory card can propagate virally to other cards in a given election. This development was performed without access to the source code of the AV-OS system and without access to any internal vendor documentation. We note that this work is performed solely with the purpose of security analysis of AV-OS.

KW - Buffer overflow

KW - Electronic voting systems

KW - Malicious software

UR - http://www.scopus.com/inward/record.url?scp=84877935334&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84877935334&partnerID=8YFLogxK

U2 - 10.1145/2480362.2480702

DO - 10.1145/2480362.2480702

M3 - Conference contribution

AN - SCOPUS:84877935334

SN - 9781450316569

T3 - Proceedings of the ACM Symposium on Applied Computing

SP - 1816

EP - 1823

BT - 28th Annual ACM Symposium on Applied Computing, SAC 2013

Y2 - 18 March 2013 through 22 March 2013

ER -