The vulnerability was discovered on a practice site set up by the commission. The source code for the actual system hasn’t been made available, but Teague said it was “identical”.
Teague and her colleague, University of Michigan computer science professor Alex Halderman, alerted the commission, and the vulnerable code was deleted from the system by 2pm on Saturday.
Advertisement “But during the time before they closed off the hole, about 66,000 votes were cast, and now all of those are going to have be somewhat in question because of the nature of the vulnerability,” Halderman said.
It was impossible to know if there were other flaws without seeing iVote’s source code and verification system, he said. “It’s a secret how it works. There could well be other vulnerabilities of similar severity and we don’t know.”