Voting machines subject to ‘staggering’ vulnerabilities: Report
Voting machines and election equipment in use across the United States are prone to a “staggering” number of vulnerabilities, including bugs that could be harnessed by hackers to potentially interfere in a U.S. presidential race, security researchers warned Thursday.
A report summarizing the results of the “Voting Village” held at this summer’s Def Con, the world’s largest hacking conference, said that attendees discovered dozens of vulnerabilities upon conducting a rare, hands-on inspection of 30 pieces of various election equipment currently used throughout the U.S., including an electronic ballot scanner deployed in more than half the country.
“A voting tabulator that is currently used in 26 states and the District of Columbia is vulnerable to be remotely hacked via a network attack,” the report said. “Because the device in question is a high-speed unit designed to process a high volume of ballots for an entire county, hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election .”
Attendees hacking the same used ballot scanner an M650 manufactured by Election Systems Software (ESS) found a second critical vulnerability disclosed to the vendor more than a decade earlier, opening the possibility of actively used machines being similarly prone.
ESS has stopped manufacturing the product, and approximately 270 units are actively in use in the U.S., the company told The Wall Street Journal.
The M650 “has a solid, proven track record when used in a real election environment with proper physical controls,” ESS said in a statement.
“The totality of security measuressuch as voting machines never being connected to the internet, tamper-resistant seals, along with more advanced technology found in newer equipmentprovides for an environment that would be difficult to compromise without detection,” ESS added.
The report’s authors argued otherwise, however, and said that a Voting Village researchers managed to pick the lock on the back of an M650 and subsequently gain full access to its computer system in under a minute.
“There was no other type of tamper-evident security on the machine. Physical security such as this lock, even in a small county office, is not sufficient to protect voting systems,” the report said.
Another machine used in 18 states, meanwhile, was hacked in hardly two minutes, the report said around one-third the time it takes the average voter to cast a ballot.
“This indicates one could realistically hack a voting machine in the polling place on Election Day within the time it takes to vote,” the report’s authors wrote.
Russian hackers probed election systems during the course of a state-sponsored attack targeting the 2016 U.S. presidential race, according to U.S. intelligence and law enforcement officials, and the Trump administration has warned that Moscow stands to similarly meddle in the November midterms.
In addition to hacking the Democratic National Committee and the chairman of candidate Hillary Clinton’s campaign, among others, Russian hackers allegedly breached victims during the race including a U.S. company that manufactures elected-relation software and hardware, officials previously concluded.
No vote tallies were altered as a result of the alleged Russian hacking, according to U.S. officials.