Login
Hackers Expose Voting Machine Flaws, No Quick Fix
Bite-Sized Cybersecurity Blog
Blog
August 19, 2024
Hackers Expose Voting Machine Flaws, No Quick Fix

While the DEF CON conference in August has been a critical venue for pointing out security weaknesses in voting machines, there has been a big challenge in addressing the identified vulnerabilities in a timely manner. Despite ongoing efforts by hackers—who come together at DEF CON’s “Voting Village” to uncover these weaknesses—the long process required to fix these issues means that changes often aren’t implemented until the next election cycle. This is especially problematic as we near the 2024 election, given both increased concerns about foreign interference and lingering claims—unsubstantiated by any evidence—of election fraud arising from the 2020 presidential election. At DEF CON’s Voting Village, hackers and election officials come together to try out the security of some voting machines and other equipment.

Participants attempt to break into the firewalls and security features of these systems, identifying the various loopholes that might be used to their detriment. However, this event is conducted with tight security, given the previous experience of the harassment that it has received from election denialists who consider the hackers’ revelation as a grave threat to democracy. In this respect, this exercise is not of much predicament as it has gained attention in Washington and found to be an essential source in enhancing the safety of the voting systems. As in past years, participants in the Voting Village have turned up a host of vulnerabilities in voting machines; a detailed report on these findings will be released soon. This is happening at a time when there are increased concerns about foreign and criminal interference in U.S. elections.

While no concrete evidence has been put forth regarding foreign cyber-attacks to disrupt the voting machines or the results for that matter. Risks are raised through this slow process of addressing vulnerabilities, mostly mitigated by the likelihood of a need for manufacturers to approve fixes and recertify systems. Organizers and participants in the Voting Village bemoan how slowly changes come. Despite years of identified vulnerabilities, the major issue at hand was the fact that vendors of voting machines were perceived not to be moving very quickly to address these issues. The complex, lengthy, and laborious system of voting system certification explains well the difficulty inherent in establishing necessary updates within the necessary timeframe before an election.

This problem is further compounded by the fact that voting machines are often wrapped up and put into lock down weeks before the actual vote; this is rather problematic for addressing newly found problems in the system. There are proposals to streamline the process of fixing vulnerabilities in voting machines, such as creating more formalized partnership between vendors and security researchers. One prominent model along this line was a joint project of the Elections Industry Special Interest Group, which brought vendors together with hackers to build trust and establish protocols for coordinated vulnerability disclosure. Although these were important, the problems for assuring voting systems remained very significant.

Related Posts

Bite-Sized Offensive Cybersecurity Newsletter

We value your time and deliver only the most interesting and impactful updates straight to your inbox. No spam. Unsubscribe anytime.

Join over 10,000 people who have already subscribed.

Newsletter