Researchers at the Department of Energy's Argonne National Laboratory have demonstrated an electronic "man in the middle" attack that allows remote tampering with the Diebold AccuVote voting system. Argonne's Vulnerability Assessment Team previously exposed the same sort of vulnerability in Sequoia AVC machines in 2009, and believes the attack could be used against a wide range of voting machines.

The attack requires tampering with voting machine hardware, and allows for votes to be changed as the voter prepares to commit them. But the attack devices require no actual changes to that hardware: the electronics used in the attack can be attached and removed without leaving any evidence that they had ever been there. The electronics in the demonstrated attack are simply jacked in between two components on the Diebold's printed circuit board using existing connectors.

VAT team leader Roger Johnston said in a video posted by Brad Friedman of the voting watchdog site The Brad Blog that the physical security measures taken to protect voting machines in many states are inadequate to protect them from pre-Election Day tampering. "They're often kept a week or two before elections in a school or church basement," Johnston said. And the modifications can be made without picking locks or breaking seals on the devices.

Diebold has a shaky security history. In 2004, Johns Hopkins University computer science professor Avi Rubin and a team of researchers revealed a broad set of cyber vulnerabilities in the AccuVote system. In the past, there have been suggestions that Diebold itself tampered with elections in Georgia in 2002.

But while cyber attacks would require a high level of sophistication, the electronic man-in-the-middle attack demonstrated by Argonne's VAT team requires only basic electronics skills, and about $10.50 worth of hardware. "Anybody with an electronics workbench could put this together," Argonne VAT team member John Warner said in the video.