The vulnerabilities in America’s voting systems are “staggering,” a group representing hackers warned lawmakers on Capitol Hill on Thursday — just over a month before the midterm elections. The findings are based on a project at the Voting Village at the Def Con hacking conference held in Las Vegas last month, where hackers were invited to attempt to break into voting machines and other equipment used in elections across the country. The hacking group claims they were able to break into some voting machines in two minutes and that they had the ability to wirelessly reprogram an electronic card used by millions of Americans to activate a voting terminal to cast their ballot. “This vulnerability could be exploited to take over the voting machine on which they vote and cast as many votes as the voter wanted,” the group claims in the report.
The security of America’s election infrastructure has come under increased scrutiny since 2016, when it emerged that Russian hackers had targeted state-level voting systems, in addition to hacking the emails of the Democratic Party and the Hillary Clinton campaign and orchestrating an elaborate disinformation campaign on social media.
A voting tabulation machine the group says is used in more than two dozen states is vulnerable to be remotely hacked, they said, claiming, “hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.”
Additionally, the group says they identified another flaw in the same machine that had been used in the 2016 election. The issue had initially been identified a decade ago, prompting the group to complain that even when issues are detected, they are not fixed.
A spokesperson for the machine’s manufacturer, Election Systems & Software (ES&S), said that while the company is no longer manufacturing the machine in question, the M650, there are approximately 270 units actively in use in the U.S. Adding, “it has a solid, proven track record when used in a real election environment with proper physical controls.”
Speaking at a briefing on the report on Capitol Hill on Thursday, Rep. Jackie Speier, a member of the House Intelligence Committee, called the vulnerabilities in US election infrastructure a “travesty.” She said, “we were ripe for the plucking by the Russians [in 2016],” and warned that “we’re ripe for the plucking by the Russians, and the Chinese and the Iranians in future elections.”