Researchers Assembled over 100 Voting Machines. Hackers Broke Into Every Single One.

A cybersecurity exercise highlights both new and unaddressed vulnerabilities riddling US election systems.

im Weber/The Commercial AppealZuma Press

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

A report issued Thursday by some of the country’s leading election security experts found that voting machines used in dozens of state remain vulnerable to hacks and manipulations, warning that that without continued efforts to increase funding, upgrade technology, and adopt voter-marked paper ballot systems, “we fear that the 2020 presidential elections will realize the worst fears only hinted at during the 2016 elections: insecure, attacked, and ultimately distrusted.”

The 47-page report is the product of researchers who organized a shakedown of voting machines at the annual DefCon conference, one of world’s biggest information security gatherings frequented by hackers, government officials, and industry workers. First incorporated into DefCon in 2017 with the aim of improving voting machine security, this year’s version of the now-annual “Voting Machine Hacking Village” assembled over 100 machines and let hackers loose to find and exploit their vulnerabilities. While election officials have criticized the effort’s utility as a testing ground, deriding it as a “pseudo environment,” some have seen value in letting machines’ flaws become more known and potentially lead to security improvements.

“Once again, Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room,” the authors wrote, pointing out that every piece of assembled equipment is certified for use in at least one US jurisdiction. The report’s authors, some of whom have been involved with election machine security research going back more than a decade, noted that in most cases the participants tested voting equipment “they had no prior knowledge of or experience” in a “challenging setting ” with less time and resources than attackers would be assumed to marshal.

The report urges election officials to use machines relying on voter-marked paper ballots and pair those with “statistically rigorous post-election audits” to verify the outcome of elections reflects the will of voters. The authors also warn that supply chain issues “continue to pose significant security risks,” including cases where machines include hardware components of foreign origin, or where election administrators deploy foreign-based software, cloud, or other remote services. The report lands as officials in several states are working to upgrade election equipment, and as lawmakers in Washington, D.C. debate federal election security legislation and funding.

Ultimately, the report notes flaws that have been acknowledged for years.

“As disturbing as this outcome is, we note that it is at this point an unsurprising result,” the authors conclude. “However, it is notable—and especially disappointing—that many of the specific vulnerabilities reported over a decade earlier…are still present in these systems today.”

Read the full report below:

 
 



Voting Village Report defcon27 (Text)

WE'LL BE BLUNT:

We need to start raising significantly more in donations from our online community of readers, especially from those who read Mother Jones regularly but have never decided to pitch in because you figured others always will. We also need long-time and new donors, everyone, to keep showing up for us.

In "It's Not a Crisis. This Is the New Normal," we explain, as matter-of-factly as we can, what exactly our finances look like, how brutal it is to sustain quality journalism right now, what makes Mother Jones different than most of the news out there, and why support from readers is the only thing that keeps us going. Despite the challenges, we're optimistic we can increase the share of online readers who decide to donate—starting with hitting an ambitious $300,000 goal in just three weeks to make sure we can finish our fiscal year break-even in the coming months.

Please learn more about how Mother Jones works and our 47-year history of doing nonprofit journalism that you don't find elsewhere—and help us do it with a donation if you can. We've already cut expenses and hitting our online goal is critical right now.

payment methods

WE'LL BE BLUNT

We need to start raising significantly more in donations from our online community of readers, especially from those who read Mother Jones regularly but have never decided to pitch in because you figured others always will. We also need long-time and new donors, everyone, to keep showing up for us.

In "It's Not a Crisis. This Is the New Normal," we explain, as matter-of-factly as we can, what exactly our finances look like, how brutal it is to sustain quality journalism right now, what makes Mother Jones different than most of the news out there, and why support from readers is the only thing that keeps us going. Despite the challenges, we're optimistic we can increase the share of online readers who decide to donate—starting with hitting an ambitious $300,000 goal in just three weeks to make sure we can finish our fiscal year break-even in the coming months.

Please learn more about how Mother Jones works and our 47-year history of doing nonprofit journalism that you don't find elsewhere—and help us do it with a donation if you can. We've already cut expenses and hitting our online goal is critical right now.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate