http://www.technewsworld.com/story/58572.html
I'll find the company rebuttals in a little...
For instance, the testers analyzing the Sequoia e-voting machine were able to gain physical access to the system by removing screws to bypass locks. The testers also discovered numerous ways to overwrite the firmware of the Sequoia Edge system -- for example, using malformed font files or doctored update cartridges.
Testers were also able to exploit vulnerabilities in Diebold's Windows operating system and take security-related actions that the server did not record in its audit logs. Thus, testers were able to manipulate several components networked to the server, including loading wireless drivers onto the server that could then be used to access a wireless device plugged surreptitiously into the back of the server.
Diebold's physical security was also lacking, the researchers found. Testers were able to bypass the physical controls on the optical scanner, for example.
The testers also found numerous ways to overwrite Diebold's firmware. Attacks could change vote totals, among other things. For instance, the testers were able to escalate privileges from those of a voter to those of a poll worker or central count administrator, enabling them to reset an election, issue unauthorized voter cards and close polls.
The testers did not test the Windows systems on which the Hart election management software was installed because Hart does not configure the operating system or provide a default configuration, notes the report.
Rather, Hart software security settings provide a restricted, Hart-defined environment that the testers were able to bypass, which allowed them to run the Hart software in a standard Windows environment.
They also found an undisclosed account on the Hart software that an attacker who penetrated the host operating system could exploit to gain unauthorized access to the Hart election management database.
The testers were able to overwrite the firmware and access menus that should have been locked with passwords. Other attacks allowed the team to alter vote totals; these attacks used ordinary objects. The team was also able to develop a device that caused Hart's system to authorize access codes without poll worker intervention.