Researchers Assembled over 100 Voting Machines. Hackers Broke Into Every Single One.

A cybersecurity exercise highlights both new and unaddressed vulnerabilities riddling US election systems.

im Weber/The Commercial AppealZuma Press

For indispensable reporting on the coronavirus crisis and more, subscribe to Mother Jones' newsletters.

A report issued Thursday by some of the country’s leading election security experts found that voting machines used in dozens of state remain vulnerable to hacks and manipulations, warning that that without continued efforts to increase funding, upgrade technology, and adopt voter-marked paper ballot systems, “we fear that the 2020 presidential elections will realize the worst fears only hinted at during the 2016 elections: insecure, attacked, and ultimately distrusted.”

The 47-page report is the product of researchers who organized a shakedown of voting machines at the annual DefCon conference, one of world’s biggest information security gatherings frequented by hackers, government officials, and industry workers. First incorporated into DefCon in 2017 with the aim of improving voting machine security, this year’s version of the now-annual “Voting Machine Hacking Village” assembled over 100 machines and let hackers loose to find and exploit their vulnerabilities. While election officials have criticized the effort’s utility as a testing ground, deriding it as a “pseudo environment,” some have seen value in letting machines’ flaws become more known and potentially lead to security improvements.

“Once again, Voting Village participants were able to find new ways, or replicate previously published methods, of compromising every one of the devices in the room,” the authors wrote, pointing out that every piece of assembled equipment is certified for use in at least one US jurisdiction. The report’s authors, some of whom have been involved with election machine security research going back more than a decade, noted that in most cases the participants tested voting equipment “they had no prior knowledge of or experience” in a “challenging setting ” with less time and resources than attackers would be assumed to marshal.

The report urges election officials to use machines relying on voter-marked paper ballots and pair those with “statistically rigorous post-election audits” to verify the outcome of elections reflects the will of voters. The authors also warn that supply chain issues “continue to pose significant security risks,” including cases where machines include hardware components of foreign origin, or where election administrators deploy foreign-based software, cloud, or other remote services. The report lands as officials in several states are working to upgrade election equipment, and as lawmakers in Washington, D.C. debate federal election security legislation and funding.

Ultimately, the report notes flaws that have been acknowledged for years.

“As disturbing as this outcome is, we note that it is at this point an unsurprising result,” the authors conclude. “However, it is notable—and especially disappointing—that many of the specific vulnerabilities reported over a decade earlier…are still present in these systems today.”

Read the full report below:

 
 



Voting Village Report defcon27 (Text)

Thank you!

We didn't know what to expect when we told you we needed to raise $400,000 before our fiscal year closed on June 30, and we're thrilled to report that our incredible community of readers contributed some $415,000 to help us keep charging as hard as we can during this crazy year.

You just sent an incredible message: that quality journalism doesn't have to answer to advertisers, billionaires, or hedge funds; that newsrooms can eke out an existence thanks primarily to the generosity of its readers. That's so powerful. Especially during what's been called a "media extinction event" when those looking to make a profit from the news pull back, the Mother Jones community steps in.

The months and years ahead won't be easy. Far from it. But there's no one we'd rather face the big challenges with than you, our committed and passionate readers, and our team of fearless reporters who show up every day.

Thank you!

We didn't know what to expect when we told you we needed to raise $400,000 before our fiscal year closed on June 30, and we're thrilled to report that our incredible community of readers contributed some $415,000 to help us keep charging as hard as we can during this crazy year.

You just sent an incredible message: that quality journalism doesn't have to answer to advertisers, billionaires, or hedge funds; that newsrooms can eke out an existence thanks primarily to the generosity of its readers. That's so powerful. Especially during what's been called a "media extinction event" when those looking to make a profit from the news pull back, the Mother Jones community steps in.

The months and years ahead won't be easy. Far from it. But there's no one we'd rather face the big challenges with than you, our committed and passionate readers, and our team of fearless reporters who show up every day.

We Recommend

Latest

Sign up for our newsletters

Subscribe and we'll send Mother Jones straight to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate

We have a new comment system! We are now using Coral, from Vox Media, for comments on all new articles. We'd love your feedback.