Zero Hedge

Dominion Voting Systems machines used in at least 16 states have software weaknesses that make them vulnerable to hacking, the U.S. Cybersecurity and Infrastructure Agency (CISA) has warned election officials. 

According to AP, which obtained the CISA advisory ahead of an anticipated Friday release, the agency said it has no evidence these vulnerabilities have actually been exploited, but is urging states to implement measures to prevent and detect hacking.

“One of the most serious vulnerabilities could allow malicious code to be spread from the election management system to machines throughout a jurisdiction…The vulnerability could be exploited by someone with physical access or by someone who is able to remotely infect other systems that are connected to the internet if election workers then use USB sticks to bring data from an infected system into the election management system,” AP reports.

The 16 states weren’t identified. According to the company’s website, Dominion products are used in 28 states and nine of the 20 largest counties in the country. 

The CISA advisory was prompted by a 25,000-word report by J. Alex Halderman, a University of Michigan computer scientist. He prepared the report as an expert witness in a federal lawsuit filed by voting integrity activists who want Georgia’s machines replaced with paper ballots. The suit was filed in 2017 and is unrelated to any allegation of a specific hack.

Election-hackers could exploit other weaknesses to forge cards technicians use to access—and change—the machines’ software. “Attackers could then mark ballots inconsistently with voters’ intent, alter recorded votes or even identify voters’ secret ballots,” Halderman told AP.

State and federal election officials maintain they have no evidence that Dominion equipment was tampered with to change 2020 election tallies. Dominion is suing Fox News, Rudy Giuliani and others for defamation, over their suggestions the company’s voting machines enabled fraud in that election.

CISA is recommending that, in jurisdictions where the Dominion voting machines are used, officials should implement safeguards such as testing of machines before and after elections, post-election audits, and asking voters to confirm the readable portion of machine-generated paper ballots.

However, even according to the CISA advisory, voter confirmation of the human-readable, computer-generated paper ballot can be skirted by hackers. Automated counting of ballots is done by reading a QR code printed on them, and CISA warned that some of the software vulnerabilities could allow hackers to generate a code that’s “inconsistent with the human-readable portion of the paper ballot.”

Halderman’s report is being kept under seal; U.S. District Judge Amy Totenberg says she’s wary the report, if made public, would serve as a user’s manual for bad actors. Halderman’s report has been designated “attorneys’ eyes only,” which means even the parties to the suit aren’t allowed to read it.

[…]

Via https://www.zerohedge.com/political/dominion-voting-machines-16-states-vulnerable-hacks-cyber-agency