According to a study from a top U.S. cybersecurity agency, electronic voting machines from a leading vendor contain software vulnerabilities that might be exploited by hackers if the flaws are not remedied quickly. A Cybersecurity and Infrastructure Agency (CISA) study shared with the Associated Press, revealed that Dominion Voting Systems hardware in at least 16 states has nine vulnerabilities that must be patched to avoid exploitation in future elections. The agency issued a list of suggestions to avoid hacking in the middle of a midterm election year, following the “stolen” election allegations from the 2020 election, which were largely ignored by election authorities and the courts.
The report stated that “When barcodes are used to tabulate votes, they may be subject to attacks exploiting the listed vulnerabilities such that the barcode is inconsistent with the human-readable portion of the paper ballot.” The research suggests that election authorities undertake thorough pre- and post-election testing on the machines, conduct post-election audits, verify that machines are constantly secure, and encourage voters to double-check that their votes are readable before scanning. The recommendation indicates that these precautions must be undertaken before each election.
J. Alex Halderman, a computer science professor at the University of Michigan, conducted the research and highlighted suspected vulnerabilities in Dominion equipment. He stated, “There are systemic problems with the way election equipment is developed, tested, and certified, and I think it’s more likely than not that serious problems would be found in equipment from other vendors if they were subjected to the same kind of testing.” Halderman also did a similar election machine investigation following the 2020 election in Michigan. He was given access to Dominion voting technology in Fulton County and wrote a 25,000-word report. He discovered that malicious software could be installed in voting touchscreens to alter QR codes printed on ballots that are then scanned to record votes, or that hackers could gain access to election management system computers.
Dominion previously informed CISA officials that the report’s flaws had been addressed in more recent software versions. Officials say it’s unclear whether all of the states have resolved all of the issues. Affected devices are still in use in at least 16 states, mostly for voters who are physically unable to cast paper votes. However, in certain places, such as Georgia, nearly all in-person voting devices have been impacted.
The advisory, which is set to be announced on Friday, comes in the wake of long-running litigation in Georgia that aims to force the state to abandon electronic voting machines in favor of hand-marked paper ballots. Mike Lindell, the CEO of MyPillow, who is being sued by Dominion for defamation is seeking an unredacted copy of a study exposing suspected weaknesses in Dominion equipment, which he believes was hacked during the 2020 election.