An anonymous reader writes "Every time a bunch of academics show vulnerabilities in electronic voting machines the critics complain that the attacks aren't realistic, that attackers won't have access to source code, or design documents, or be able to manipulate the hardware, etc.
So this time a bunch of computer scientists from UCSD, Michigan and Princeton offer a rebuttal. They completely 0wn the AVC Advantage using no access to source code or design documents and deliver a complete working attack in a plug in cartridge that could be used by anyone with a few private minutes with the machine. Moreover, they came up with some cool tricks to do this on a machine protected against traditional code injection attacks (the AVC processor will only execute instructions from ROM).
Paper from this weeks USENIX EVT here."