Experts: U.S. voting machines still vulnerable to 11-year-old flaw

Image: Wikimedia Commons/ InformationvsInjustice

Sept. 29 (UPI) — Although election officials now take cybersecurity more seriously, some voting machines in the United States are still vulnerable to attack from a flaw that was found over a decade ago, new research said.

The flaw was among several listed in a report Thursday by cybersecurity convention DEFCON, which said the glitch was first identified in 2007 in Ohio.

“If an IT person inserts one of the malicious disks into [a machine] without reformatting it first, the update file will immediately and silently install the malicious software,” the report stated. “It is very doubtful that the operators of [machines] all over the U.S. are aware of the necessity of this precaution.”

Thursday’s was DEFCON’s second annual report on voting machines since the 2016 election.

Overall, the report lists vulnerabilities in seven models of voting machines and counters, ranging from weak password protection to remote access.

Among the key findings, “a voting tabulator that is currently used in 26 states and the District of Columbia is vulnerable to be remotely hacked via a network attack,” the 49-page report stated. “Because the device in question is a high-speed unit designed to process a high volume of ballots for an entire county, ​hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election​.”

A second flaw in the same device “was disclosed to the vendor a decade ago,” but that machine was used in 2016 and still contains the flaw, the report said.

“Another machine used in 18 states was able to be hacked in only two minutes, while it takes the average voter six minutes to vote.”

“We didn’t discover a lot of new vulnerabilities,” Matt Blaze, one of the report’s authors, said. “What we discovered was vulnerabilities that we know about are easy to find, easy to re-engineer, and have not been fixed over the course of more than a decade of knowing about them.

“To me, that is both the unsurprising and terribly disturbing lesson that came out of the Voting Village.”

The report also made recommendations like preparing for potential attacks and working more closely with the information technology community. It also urged national security leaders and Congress to take action “to codify basic security standards like those developed by local election officials.” It also asks Congress to fund more election security measures.

LEAVE A REPLY

Please enter your comment!
Please enter your name here