Researchers Assembled over 100 Voting Machines. Hackers Broke Into Every Single One.

A cybersecurity exercise highlights both new and unaddressed vulnerabilities riddling US election systems.

im Weber/The Commercial AppealZuma Press

Let our journalists help you make sense of the noise: Subscribe to the Mother Jones Daily newsletter and get a recap of news that matters.

A report issued Thursday by some of the country’s leading election security experts found that voting machines used in dozens of state remain vulnerable to hacks and manipulations, warning that that without continued efforts to increase funding, upgrade technology, and adopt voter-marked paper ballot systems, “we fear that the 2020 presidential elections will realize the worst fears only hinted at during the 2016 elections: insecure, attacked, and ultimately distrusted.”

The 47-page report is the product of researchers who organized a shakedown of voting machines at the annual DefCon conference, one of world’s biggest information security gatherings frequented by hackers, government officials, and industry workers. First incorporated into DefCon in 2017 with the aim of improving voting machine security, this year’s version of the now-annual “Voting Machine Hacking Village” assembled over 100 machines and let hackers loose to find and exploit their vulnerabilities. While election officials have criticized the effort’s utility as a testing ground, deriding it as a “pseudo environment,” some have seen value in letting machines’ flaws become more known and potentially lead to security improvements.

“Once again, Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room,” the authors wrote, pointing out that every piece of assembled equipment is certified for use in at least one US jurisdiction. The report’s authors, some of whom have been involved with election machine security research going back more than a decade, noted that in most cases the participants tested voting equipment “they had no prior knowledge of or experience” in a “challenging setting ” with less time and resources than attackers would be assumed to marshal.

The report urges election officials to use machines relying on voter-marked paper ballots and pair those with “statistically rigorous post-election audits” to verify the outcome of elections reflects the will of voters. The authors also warn that supply chain issues “continue to pose significant security risks,” including cases where machines include hardware components of foreign origin, or where election administrators deploy foreign-based software, cloud, or other remote services. The report lands as officials in several states are working to upgrade election equipment, and as lawmakers in Washington, D.C. debate federal election security legislation and funding.

Ultimately, the report notes flaws that have been acknowledged for years.

“As disturbing as this outcome is, we note that it is at this point an unsurprising result,” the authors conclude. “However, it is notable—and especially disappointing—that many of the specific vulnerabilities reported over a decade earlier…are still present in these systems today.”

Read the full report below:

 
 



Voting Village Report defcon27 (Text)

THE TRUTH IS...

what drives Mother Jones' team of 50-plus journalists. The truth is powerful, as evidenced by how hard those with something to hide, or profit to gain, seek to discredit it. The truth, stated boldly and reported meticulously, is what draws so many readers to Mother Jones.

And the truth is, going into the final 4 days of the year we still needed to raise $TK to hit our $350,000 goal and start 2021 on track. It's nerve-wracking, wondering if the big spike we normally see at the end of December is going to be another thing that doesn't go as planned in 2020, or worse, if, now that Donald Trump is set to leave the White House (for longer than a taxpayer-funded golf trip to a property he owns), folks might be pulling back from fighting for the truth and a democracy and think the hard work is done.

It's not, and if you can right now, please consider a year-end donation to support our team's fearless nonprofit journalism so we can close that big fundraising gap and finish the year strong, ready for all that's ahead in 2021. Whether you can give $5 or $500, it all matters in keeping us charging hard, and we'd be grateful.

payment methods

THE TRUTH IS...

what drives Mother Jones' team of 50-plus journalists. The truth is powerful, as evidenced by how hard those with something to hide, or profit to gain, seek to discredit it. The truth, stated boldly and reported meticulously, is what draws so many readers to Mother Jones.

And the truth is, going into the final 4 days of the year we still needed to raise $TK to hit our $350,000 goal and start 2021 on track. It's nerve-wracking, wondering if the big spike we normally see at the end of December is going to be another thing that doesn't go as planned in 2020, or worse, if, now that Donald Trump is set to leave the White House (for longer than a taxpayer-funded golf trip to a property he owns), folks might be pulling back from fighting for the truth and a democracy and think the hard work is done.

It's not, and if you can right now, please consider a year-end donation to support our team's fearless nonprofit journalism so we can close that big fundraising gap and finish the year strong, ready for all that's ahead in 2021. Whether you can give $5 or $500, it all matters in keeping us charging hard, and we'd be grateful.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate