Concerns about the fragility of US electronic voting systems to cyberattacks go back to 2002 when the Help America Vote Act was passed mandating the replacement of lever-based machines and punchcards with more modern voting equipment. Those concerns have been greatly amplified this election season with reports of attacks on voter registration systems in some 20 states and intrusions into the Democratic National Committee’s computers by hackers believed to be out of Russia. The attacks have stirred considerable fears about foreign adversaries and nation-state actors somehow disrupting the elections and even manipulating the outcome of the voting to favor one of the two major party candidates. … In all states but five, a vast majority of the electronic voting equipment that voters use will have paper backups. Some voters will use what are known as Direct-Recording Electronic (DRE) voting systems to cast their votes electronically. Others will mark their choices on a paper ballot and feed it into an optical scanner that will do the ballot counting. In both cases, voters and election officials will have a so-called Voter Verifiable Paper Audit trail that will provide a reliable backup even if the machines fail or are somehow compromised.
Pre-election integrity tests and post-election audits and checks should help spot discrepancies and errors as well, the NASS has noted while cautioning against a loss of public confidence in the US voting system. Despite such reassurances, security analysts point to several weaknesses in electronic voting systems that attackers could take advantage of to cause varying degrees of problems.
… Many voting machines designed in the 1990s and 2000s, and which are scheduled for use in the upcoming election, use flash memory to store and update the ballot definition file. A lot of these systems are enabled to receive software updates in the same way they receive the ballot files — via cartridge or a memory card. This opens an opportunity for an attacker to slip a malicious program into a voting machine that causes it to miscount votes, according to Andrew Appel, professor of computer science at Princeton University’s Center for Information Technology Policy.
… Some older voting machines are easy to tamper with physically. Earlier this year Princeton’s Appel and graduate student Alex Haldermandemonstrated how someone with physical access to a Sequoia AVC Advantage voting system could easily break into it and swap out the system’s firmware with their own. The system is slated for use in Pennsylvania, Virginia, New Jersey and Louisiana in November. The duo showed how an attacker could break the lock on the system in less than 10 seconds, pry out the four ROM chips in it using an ordinary screwdriver, and replace it with rogue chips all in about seven minutes. The highly proprietary nature of these systems makes it very hard to know when they have been tampered with.
Full Article: 7 Ways Electronic Voting Systems Can Be Attacked.