Computer Science Professor Avi Rubin of Johns Hopkins University analyzed Diebold's 47,609 lines of code and found it uses an encryption key that was hacked in 1997 and is no longer used in secure programs.
Rubin said Diebold has said it repaired the security flaws in subsequent programs, but that the company has not produced the code for analysis.
Diebold did return a call for comment.
The Digital Encryption Standard 56-bit encryption key used can be unlocked by a key embedded in all the source code, meaning all Diebold machines would respond to the same key.
Rubin, his graduate students and a colleague from Rice University found other bugs: that the administrator's PIN code was "1111" and that one programmer had inserted, "This is just a hack for now."