I was a member of the WebWise Security team that completed an analysis of the ES&S electronic voting system as part of the "Evaluation & Validation of Election-Related Equipment, Standards & Testing" (EVEREST) project. The study was commissioned by Ohio Secretary of State Jennifer Brunner, who issued a series of recommendations and options to address the study's findings.
Our testing consisted of a "red teaming" assessment of the security of the hardware and software that are part of the ES&S system. We were able to identify a number of serious vulnerabilities, and showed how they could be exploited to compromise the integrity of an election by developing a number of attacks. We also demonstrated how a virus could be created to infect and control electronic voting machines.
The project's findings, including our assessment of the ES&S system, have been published in a technical report. The Secretary of State released the public version of our report on December 14th, 2007.
The EVEREST project received considerable attention in the media. Here are the references to some of the articles, videos, and radio programs that covered the topic.