A few weeks ago we were asked to see how long it would take us to swap the ROM’s in a Nedap voting computer. The exact time would be needed in a German report from the Chaos Computer Club. They did research on voting computers and their vulnerabilities and came out with their analysis today.
In order for them to calculate how long an outsider would need to hack the elections they needed an estimate on how long it would take to swap the two ROM chips on a Nedap voting computer. The complete voting computer software is loaded from these two ROMs, and the person/entity installing the ROMs on these black box voting computers has complete power over the elections. There is no safeguard as there is no ‘paper trail’ and a recount is not possible.
If you want to know more details: recently a subtitled version of a Dutch TV item became available online for those interested in the situation in the Netherlands and our atempts to hack the Nedap’s. I think it gives a nice overview.
For us doing the ‘ROM swap job’ was a fun assignment. We stopped when setting the ‘record’ to one minute. One minute per machine is a nice statement and we decided not to push the limits any further.
* Update June 10: The CCC report is getting extremely good press. Read the article from the prestigious ‘Der Spiegel’ magazine.