This article originally appeared in CPO Magazine on August 22, 2019.
There has been much talk in the media about interference in United States presidential elections, but most of it has centered around the use of media and disinformation to influence votes. There is a widespread assumption that the voting machines themselves are safe from hacking; though many are electronic, these election systems are not supposed to be connected to the internet.
A new report from Vice’s Motherboard indicates that these systems are not nearly as secure as anyone thought they were, including election officials. Researchers told Motherboard that a particular type of election system that is only supposed to connect to the internet for several minutes to transfer votes has been found to sometimes stay connected for months, and in some cases these machines were constantly connected and were exposed for at least a year.
Which election systems are vulnerable?
The election systems found to be vulnerable are made by a specific manufacturer: Election Systems & Software (ESS). ESS is the largest voting systems company in the country, with at least 260,000 machines in place in 21 states including in some swing states. Security researchers found backend systems that were connected to the internet when they were not supposed to be, distributed across a number of states including the key “battleground” centers of Florida, Michigan and Wisconsin.
Researchers found 35 systems in 10 states have been confirmed at this point to have been connected to the internet when they were not supposed to be. 19 were still online when the Vice article went to press.
This isn’t the first time ESS has made the news for a voting system vulnerability. In early 2018, it was discovered that the company had installed remote access software on election management systems for troubleshooting purposes yet had denied to the media they had ever done so.
How vulnerable are these election systems?
As with most electronic election systems, votes are stored on a local memory card that is meant to be removed by poll workers after the polls close and brought to the county election office for counting. Some counties opt to transmit these votes electronically to get their results in faster, however.
To transmit the votes, these systems are supposed to only briefly connect to the internet two times – once before the polls open to verify that the connection is working, and then again after the polls close to transmit the votes. In both cases, these election systems should be connected to the internet for no more than a few minutes to perform these functions.
Some of the 35 systems identified by the researchers had been connected to the internet for months, and others appeared to simply be online all the time. These systems are protected by a firewall, but that firewall is only meant to be guarding transmission for a few minutes at a time. With enough time to work on it, hackers could very well breach the firewall and alter election results.
The fact that the backend systems remain connected to the internet is critical. This allows hackers full access to the tabulation of votes from the memory cards installed in the machines and the reporting of the final results. With a lower level of access, hackers might only be able to change the unofficial count to sow unrest in the population. With full access to the backend system, hackers could change the official count or distribute malware to voting systems.
The potential for this sort of vulnerability has been known for some time, but ESS has assured election officials that their backend systems are “air gapped” from the internet. The findings of the security researchers contradict that statement. The system appears to rely entirely on the firewall to keep hackers out of the backend while online. If the firewall is breached, the hackers have access.
ESS insists that its election systems are not vulnerable, responding to Motherboard with a public statement. There are currently no reports or evidence of hacking of any of these election systems, but the fact that the vulnerability exists in the top voting machine company is worrying enough.
Who discovered the vulnerability?
The internet-connected systems were discovered by security researcher Kevin Skoglund, an independent web developer and election integrity advocate, along with a group of election security professionals.
The team began researching state election systems in July 2018, looking to verify public statements by equipment manufacturers and election officials that transfer of vote counts was not done over the internet and these systems are never connected to it. After discovering that ESS systems do in fact use the internet to transfer counts (thanks to a public document on file with the Rhode Island state government), the researchers began probing to see if they could locate the backend systems online.
It is possible that there are more than 35 systems connected in this way, as the researchers relied on automatic scanning techniques that can be blocked. A system that is blocking automated scans can still potentially be reached by a hacker, however.
Closing the security hole
Can this vulnerability be addressed before the polls open in 2020? Can Americans feel confident in the integrity of their elections? Usman Rahim, Digital Security and Operations Manager for The Media Trust, had this to say:
“Our digital elections system doesn’t have a single point of failure—it has many – largely because the system appears to have been designed without prioritizing security and privacy. What’s most disturbing is that even as vendors claim the system isn’t connected to the internet, they provide documents that show otherwise. In addition, there’s the potential for configuration problems—an all too frequent error–USB drives infected with malware, brute force attacks to get around passwords, firewalls with unpatched software, outdated server software, no oversight of how well vendors install the system, configuration for transmitting election results not certified by Election Assistance Commission (EAC) although one wonders what good that would do if they don’t have cybersecurity experts to alert them when something’s afoot. Another significant problem is that state and local governments suffer from chronic budget cuts that prevent it from putting more stringent security measures in place and thoroughly vetting machines before putting them to use and in so doing, exposing these systems—not to mention voters–to sustained attacks from bad actors and nation-state adversaries.”
These ESS systems do not have to be connected to the internet; it is up to each individual county to decide if they want to use that feature. Ideally, transmissions of vote totals would be done directly with a modem connection rather than over the internet – a feature that some election security experts had been claiming was in place when it was not.
U.S. voting machines are assumed to be safe from #hackers yet many are found to be constantly connected to Internet and exposed for at least a year. #respectdata
CLICK TO TWEET
Election security has been a contentious issue in Congress as of late. Republican senators led by Senate Majority Leader Mitch McConnell have blocked a set of bills meant to shore up election systems before the 2020 elections. McConnell has labeled these bills as “partisan.” Among other things the bills would have banned any type of electronic transmission of votes (including by modem), completely disconnected all election systems software from telecommunications networks, require the use of paper ballots, provide increased funding for election security and required campaigns to report offers of aid from foreign governments.