US cyber agency finds ‘vulnerabilities’ in voting machines – media

2 Jun, 2022 06:19 / Updated 2 years ago
Software used by Dominion Voting Systems is vulnerable to hacks, according to a federal report obtained by the Associated Press

Electronic voting machines used in at least 16 states have security flaws that could be exploited by hackers, a government cyber watchdog said, raising new questions about the software following allegations of widespread fraud and manipulation in the 2020 presidential race. 

A report by the US Cybersecurity and Infrastructure Agency (CISA) obtained by the Associated Press on Tuesday identified nine major loopholes in machines produced by Dominion Voting Systems, saying they could be vulnerable to hacks if left unaddressed. 

CISA maintained that it had no evidence the security flaws had ever been used to affect election results, and the agency’s executive director, Brandon Wales, told AP that “states’ standard election security procedures would detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely.” 

Addressed to state election officials, the report nonetheless suggested that too little has been done to close the vulnerabilities, urging for “defensive measures to reduce the risk of exploitation” ahead of every election. It noted that some states that use the machines have been lax about the machines’ security.

While Dominion became deeply embroiled in the 2020 election controversy – during which former President Donald Trump and his allies repeatedly claimed that the firm’s machines had been tampered with to throw the race – the company has vocally denied that its systems were used improperly. It has launched a series of libel suits against those alleging otherwise, including former Trump lawyers Rudy Giuliani and Sidney Powell, some of them alongside fellow voting machine firm Smartmatic.

Most state and federal election officials also insisted that no widespread fraud took place in 2020, and a number of legal cases claiming malfeasance have been dismissed or withdrawn.

In attempts at “rumor control,” CISA has previously stressed that the “existence of a vulnerability in election technology is not evidence that the vulnerability has been exploited,” noting that all digital systems contain some security flaws. 

“Identified vulnerabilities should be taken seriously and mitigations implemented in a timely manner,” it said, but added that “it’s important to note that there is no indication that cyber vulnerabilities have contributed to any voting system deleting, losing, or changing votes.”

The affected Dominion voting machines are used by at least some voters in at least 16 states, in most cases for those physically unable to fill out a paper ballot by hand. In some states like Georgia, however, “almost all” in-person voting is done on the devices, according to AP.