No measure has been taken to solve this flaw
We all prefer to think that the voting systems in our countries are efficient and that the votes counting are always accurate. Whether the vote is issued through a paper ballot or even electronically, there must be some confidence measure involved in the process.
But what would happen if we could no longer have confidence in the way in which people’s votes are counted? Would that change the way we see the whole process?
It is normal to think that the government would do anything as long as these electoral processes are carried out without security drawbacks. The worrying thing is that apparently that’s not the case. It turns out that experts in digital forensics have reported the existence of a serious vulnerability affecting voting machines; even worse, its existence was reported 11 years ago and nothing has yet been done to correct it.
The problem affects the M650 high-speed ballot scanner, which is made by Election Systems & Software and is used in 23 out of the 50 American states. The disturbing findings were summarized by digital forensics specialists in the most recent DEF CON in Las Vegas.
These machines can be hacked with an infected removable Zip drive that could transmit malware. The machines also have a built-in network port that can also be used to transmit an infection.
According to researchers, the M650 scanner counts ballots for entire counties, which means that if the device is compromised, the attack could easily impact an election. This leads us to ask why no one has done anything to fix this flaw if it was reported since 2007.
M650 is not the only security concern
In many ways, this machine, which scans about 3000 ballots per minute, is a symbol of what is considered an obsolete electoral infrastructure. For many reasons, the technology used to count the votes has not kept pace with current cybersecurity demands.
Election Systems & Software, manufacturer of the M650, believes that its security protections are strong enough for hacking these devices to be very difficult, especially in a real world environment. Being questioned about why this vulnerability has not been corrected after so long, the company did not make any statement, although they recently stopped announcing this team on their website.
Still, digital forensics experts from the International Institute of Cyber Security consider that these types of problems will not disappear soon, because this vulnerability is not the only or the most serious security problem of the current electronic voting infrastructure. In the meantime, the voters will be compromised until someone does something. Touchscreen voting machines have been shown to be vulnerable previously, and now the ballot scanning machines seem to be vulnerable too.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.