CTVotersCount.org Myth #8 – If we can trust our money to ATMs we can trust our votes to computers. <10 myths> <also>
Perhaps ATM’s are not as safe as we sometimes think.
Today a story shows that ATM’s are vulnerable. SCMagazineUS has the story: ATM malware appears, Diebold issues security update <read>
Security firm Sophos reported this week that it received three samples of a trojan that was customized to run on Diebold-manufactured cash machines in Russia, said Graham Cluley, Sophos’ senior security consultant. The malware was able to read card numbers and PINs — then when the attacker returned to the ATM, he inserted a specially crafted card that told the machine to issue him a receipt containing the stolen information.
“Basically [the malware] would be spewing out the identity information,” Cluley told SCMagazineUS.com on Wednesday. “It’s a really cunning scheme. You need to know how to talk to the ATM. It was working with the Diebold DLL (dynamic-linked library). It knew what API (application programming interface) calls to make, which is information, I suspect, not normally in the public domain.”
Diebold this week disclosed that it issued a security update in January for its ATMs running a Windows-based operating system to address the problem. Diebold told its customers in a letter that a number of its machines in Russia were infected — but the company did not reveal specifics on the attacks.
The somewhat comforting part of this story is that Diebold issued a fix in short order for the problem – while problems in their voting machines go unaddressed for years through multiple software versions.
However, it is a reminder of the vulnerability of any computer system to which somone gains access, including voting systems.
