Unlike the desktop versions of Windows, the embedded versions of Windows CE 3.x and 4.x versions used in the Diebold system (which are both noncurrent versions) have very limited security features against a user with access below the application level. Because of the lesser security available in Windows CE, access to the standard Windows Explorer application grants users access to replace and modify files almost without restriction. This enables a hostile attacker to severely alter the system functionality and/or add new software (and hidden processes) to the system.

In addition to altering individual files, the TSx and TS6 systems also present opportunities to change the Operating System itself. This provides possibilities for hiding the attack and/or altering the application's behavior without any changes to the application itself. A major contributor to this is the ability to change the Operating System functions and libraries any application software relies on at a deep level.

It is important to understand that these attacks are permanent in nature, surviving through the election cycles. Therefore, the contamination can happen at any point of the device's life cycle and remain active and undetected from the point of contamination on through multiple election cycles and even software upgrade cycles.

HERE ARE THE UNREDACTED HURSTI REPORTS:

http://www.bbvdocs.org/reports/BBVreportIIunredacted.pdf

http://www.bbvdocs.org/reports/BBVreportII-supplement-unredacted.pdf