14 DAY TRIAL // Older models of election machines designed and manufactured by Election Systems & Software LLC (ES&S) are still being used in more than half of US states although they have been proven to be vulnerable to remote attacks more than ten years ago.
According to The Wall Street Journal report, the vulnerable Model 650 high-speed ballot-counting machines can be compromised by threat actors using multiple security flaws found last month during the DefCon hacker conference, out of which two that can be exploited remotely stand out.
According to Harri Hursti, the security researcher who found out the Model 650 vulnerabilities, a bad actor can compromise the exploitable election machines using a network bug which would subsequently allow him to change the vote count.
As Hursti said, just a simple vote count change is enough because "if you make a small modification in a small number of counties, that’s enough to swing the state."
Model 650 ballot-counting machines from more than half of US states are vulnerable because of a decade-old security bug
The Model 650 voting machines can also be compromised by saving malicious files onto a storage device which would subsequently attack and hack into the election device.
Even though ES&S declares that they consider voting machines security as a top company priority and that they have been working with government officials to improve the security of the voting process, they hired their first cybersecurity expert this year, in April.
Moreover, both politicians and security expert have their doubts regarding ES&S' efforts to align the company's security policy with federal rules, primarily since they haven't even implemented well-established industry security standards designed to help fend off phishing attacks.
In ES&S' defense, the vulnerable Model 650 ballot-counting machines are out of production since 2008 and the only ones such machines still in use are those that US states have either bought and equipped at least a decade ago or those that some of the states deemed safe even after last month's DefCon report.