For the past six years, Volkswagen has been advertising a lie: “top-notch clean diesel” cars — fuel efficient, powerful and compliant with emissions standards for pollutants. It turns out the cars weren’t so clean. They were cheating. The vehicles used software that cleverly put a lid on emissions during testing, but only then. The rest of the time, the cars spewed up to 40 times the legal limit of nitrogen oxide emissions. The federal government even paid up to $51 million in tax subsidies to some car owners on the false assumption of environmental friendliness. … Computational devices that are vulnerable to cheating are not limited to cars. Consider, for example, voting machines. Just a few months ago, the Virginia State Board of Elections finally decertified the use of a touch-screen voting machine called “AVS WinVote.” It turned out that the password was hard-wired to “admin” — a default password so common that it would be among the first three terms any hacker would try. There were no controls on changes that could be made to the database tallying the votes. If the software fraudulently altered election results, there would be virtually no way of detecting the fraud since everything, including the evidence of the tampering, could be erased.
If software is so smart and its traces of tampering are possible to erase, does this mean that we have no hope of catching cheaters? Not at all. We simply need to adopt and apply well-known methods for testing computing devices.
First, smart objects must be tested “in the wild” and not just in the lab, under the conditions where they will actually be used and with methods that don’t alert the device that it’s being tested. For cars, that means putting the emissions detector in the tail pipe of a running vehicle out on the highway. For voting machines that do not have an auditable paper trail, that means “parallel testing” — randomly selecting some machines on Election Day, and voting on them under observation to check their tallies. It is otherwise too easy for the voting machine software to behave perfectly well on all days of the year except, say, Nov. 8, 2016.
Full Article: Volkswagen and the Era of Cheating Software – The New York Times.