|
Vulnerabilities With Proposed RFID E-Voting Initiative Identified by AlgoSec CTO
RESTON, VA, Apr 20, 2010 (MARKETWIRE via COMTEX) --
Dr. Avishai Wool, co-founder and CTO of AlgoSec(R), the leading
provider of firewall operations and security risk management
solutions, recently identified a number of vulnerabilities associated
with a new RFID-based Israeli e-voting system. From labs in the
School of Electrical Engineering at Tel Aviv University where he is
also a professor, Dr. Wool and his students uncovered the
vulnerabilities after security testing and analysis of the new
e-voting system.
Under the proposed e-voting system, introduced by the Finance
Ministry last year, voters hold an empty smart card against a voting
terminal (computer) as they select their desired candidates. Through
RFID, the empty smart card is populated with the cardholder's votes.
Upon completion, the voter inserts the smart card into a ballot box
whereby election officials verify if there is a discrepancy between
the figures recorded by the computer and those in the smart cards.
Dr. Wool, who has also assisted in securing RFID technology used
today in American passports, and his team built homemade hacking
devices out of simple, cheap materials like disposable cameras and
copper pipes from cooking appliances that were capable of disrupting
the cards' radio frequency (RF) signals. Their work was presented at
the IEEE RFID conference in Orlando, FL, just last week.
"RFID-based e-voting is not used in any other country and there's a
reason: at its current stage, the technology is simply not secure
enough," said Dr. Wool. "For all its technological sophistication,
the system can quickly be rendered useless by even amateur hackers
with minimal RF knowledge and a few household materials."
In his lab, Dr. Wool and his students assembled three different
attack mechanisms for disrupting the new e-voting technology. One
mechanism was an RFID "zapper" made from a disposable camera. Dr.
Wool and his team replaced the camera's bulb with an RFID antenna to
create an electro-magnetic pulse capable of destroying data on nearby
RFID chips such as ballots. "In a voting system, this would be the
equivalent of burning ballots -- but without the fire and smoke,"
said Dr. Wool.
A second attack "jammed" the radio frequencies that read the smart
card. The card's transmissions, though designed to be read by a
receiving antennae no more than 2 inches away, can be blocked from
more than 20-30 meters away using a low-energy transmitter powered by
something as simple as a car battery. In this way, entire voting
centers could feasibly be taken offline by hackers across the street.
Another, much more sinister and sophisticated attack demonstrated by
Dr. Wool is a "relay attack" which confuses a voting station into
believing it is communicating with an RFID ballot when in fact it is
being sent a false communication from a hacker using homemade
transmission equipment.
About AlgoSec
AlgoSec is the leading provider of Firewall Operations and Security
Risk Management solutions. AlgoSec's(R) exclusive technology is
optimized for enterprises, MSPs, auditors and consultants to
quantifiably increase their operational effectiveness. More than 400
leading organizations such as Cisco, BP, Visa, Nokia, IBM, Vodafone,
NASDAQ, KPMG, E&Y, Deloitte, and PwC have selected AlgoSec's products
- AlgoSec Firewall Analyzer and FireFlow(TM) -- to intelligently
automate what were traditionally manual, time- and labor-intensive
tasks surrounding firewall, router and VPN management. This
translates to significant cost savings and greater output for
organizations without increasing headcount. AlgoSec also allows IT
organizations to get more from their current infrastructures by
extending the lifespan of existing security devices.
Media Contact:
Matt Otepka
Email Contact
206-855-7826
SOURCE: AlgoSec
http://www2.marketwire.com/mw/emailprcntct?id=0F1ADB7DDFCA7751
[ InfoTech Spotlight's Homepage ]
|
