US finds no evidence that Dominion voting machines were ever exploited
The United States has found no evidence that flaws in Dominion voting machines have ever been exploited, including in the 2020 election, according to a new newsletter released Friday by the Cybersecurity and Infrastructure Security Agency.
“While these vulnerabilities pose risks that should be mitigated as soon as possible, CISA has no evidence that these vulnerabilities have been exploited in elections,” the advisory reads.
In a statement friday, CISA Director Jen Easterly wrote, “Over the past week, we have been working with election officials on reports of vulnerabilities affecting certain versions of Dominion Voting Systems software. She continued, “Today we are releasing this information publicly.”
The ballot — circulated among state election officials earlier this week and publicly shared online Friday — marks the first time CISA has used its vulnerability disclosure program to probe voting machines. The program, first created in 2019, has reviewed and disclosed hundreds of vulnerabilities for commercial and industrial use, reported by researchers across the country and around the world.
According to Easterly, CISA is “closely engaged with election officials across the country to help them address these vulnerabilities by applying the mitigations recommended in the advisory.”
CISA has identified nine flaws in certain versions of Dominion Voting Systems’ ImageCast X software. The flaws, some of which stem directly from the design of the machine, are quite technical and would likely require any author to have direct, physical access to voting devices and/or other poll management equipment.
The CISA Councilpreviously reported by The Washington Post, recommends several mitigations for states using voting machines to detect or prevent exploitation of identified vulnerabilities.
The director noted in her statement that many of the mitigations recommended by CISA “are generally standard practice in the jurisdictions where these devices are used” and “are capable of detecting the exploitation of these vulnerabilities and, in many many cases, would prevent the attempts entirely if diligently enforced, making it highly unlikely that a malicious actor could exploit these vulnerabilities to affect an election.
The advisory also points out that there are a number of obstacles to exploiting flaws in voting machines.
“Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are downloaded to ImageCast X devices,” says the opinion. “Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in this advisory, including technical, physical, and operational controls that limit unauthorized access to or manipulation of systems. to vote.”
In a flaw identified by CISA, “the authentication mechanism used by voters to activate a voting session on the tested version of ImageCast X is susceptible to tampering,” according to the advisory. “An attacker could take advantage of this vulnerability to print an arbitrary number of ballots without authorization.”
The ImageCast X voting machine lets voters choose their favorite candidates on a touchscreen and then print out a paper record, similar to what voters did in Georgia in the 2020 election. But the device can also be used as a purely electronic voting machine, without a paper ballot.
Dominion Voting Systems, a maker of voting machines used in 28 states, fell into the spotlight following the 2020 election after supporters of former President Donald Trump claimed without evidence that such machines were used to tampering with ballots or rigging results in allegations debunked by facts. ladies. Top election officials — including the secretary of state and Republican governor of Georgia — have repeatedly insisted there is no evidence of violations or changes to election results. A Georgia judge previously dismissed a lawsuit alleging voter fraud in the 2020 election.
In January 2021, Dominion filed a $1.3 billion defamation lawsuit against attorney Sidney Powell, citing his repeated allegations that the company changed votes for Trump to votes for Biden. The company also sued former Trump campaign adviser Rudy Giuliani for making similar statements. The litigation remains ongoing.