Why your vote can’t be “hacked,” with Cait Conley of CISA (Lock and Code S05E23)

This week on the Lock and Code podcast … The US presidential election is upon the American public, and with it come fears of "election interference." But "election interference" is a broad term. It can mean the now-regular and expected foreign disinformation campaigns that are launched to sow...

Andrew Appel on New Hampshire’s Election Audit

Really interesting two part analysis of the audit conducted after the 2020 election in Windham, New Hampshire. Based on preliminary reports published by the team of experts that New Hampshire engaged to examine an election discrepancy, it appears that a buildup of dust in the read heads of...

On the Insecurity of ES&S Voting Machines’ Hash Code

Andrew Appel and Susan Greenhalgh have a blog post on the insecurity of ES&Ss software authentication system: It turns out that ES&S has bugs in their hash-code checker: if the "reference hashcode" is completely missing, then itll say "yes, boss, everything is fine" instead of reporting an error...

Georgia’s Ballot-Marking Devices

Andrew Appel discusses Georgias voting machines, how the paper ballots facilitated a recount, and the problem with automatic ballot-marking devices: Suppose the polling-place optical scanners had been hacked enough to change the outcome. Then this would have been detected in the audit, and in...

From the Dorm Room to the White House: How Researcher Jack Cable Works to Ensure Election Security

In a recent episode of Security Nation, Rapid7 welcomed Jack Cable, a junior at Stanford University and employee of the U.S. Cybersecutiy and Infrastructure Security Agency, to discuss the importance of ensuring election security beyond just voting machines. Read on as he shares how to fight...

Cybercriminals Step Up Their Game Ahead of U.S. Elections

With the U.S. presidential elections a mere few weeks away, the security industry is hyper-aware of security vulnerabilities in election infrastructure, cyberattacks against campaign staffers and ongoing disinformation campaigns. Past direct hacking efforts, such as the attack on the Democratic...

Shoring Up the 2020 Election: Secure Vote Tallies Aren't the Problem

With the 2020 U.S. Presidential Election coming up in just two months, cybersecurity concerns are taking center stage for average citizens and politicians. That said, the likelihood of election results being impacted by an attack are slim, security researchers say. The focus should be on other...

Breaking Down Election Security: Points of Vulnerability and Solutions

The importance of cybersecurity in the context of the democratic process has become undeniable—with nation-state hackers setting their sights on elections as effective vehicles for attack, disruption, and social unrest. Christopher Wray, the Director of the FBI, testified to Congress that U.S...

Email Voted a Weak Link for Election Security, with DMARC Lagging

As the 2020 Presidential election looms closer in the United States, a key focus will be on securing election infrastructure to prevent tampering. In a recent analysis, researchers found that email remains a potential weak link, with most counties failing to implement DMARC protections. DMARC whi...

Election Machine Insecurity Story

Interesting story of a flawed computer voting machine and a paper ballot available for recount. All ended well, but only because of that paper backup. Vote totals in a Northampton County judge's race showed one candidate, Abe Kassis, a Democrat, had just 164 votes out of 55,000 ballots across mor...

A week in security (September 23 – 29)

Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...

Some Voting Machines Still Have Decade-Old Vulnerabilities

The results of the 2019 Defcon Voting Village are in—and they paint an ugly picture for voting machine security...

Election Security Threats: From Misinformation to Voting Machine

Election security continues to be a top concern – from social media misinformation campaigns, to vulnerabilities in the actual voting machines themselves. At Black Hat USA 2019, Threatpost caught up with Matt Olney, director of threat intelligence at Cisco Talos, to discuss the challenges that...

States Need Way More Money to Fix Crumbling Voting Machines

“We are driving the same car in 2019 that we were driving in 2004, and the maintenance costs are mounting,” one South Carolina election official told researchers...

Buying Used Voting Machines on eBay

This is not surprising: This year, I bought two more machines to see if security had improved. To my dismay, I discovered that the newer model machines -- those that were used in the 2016 election -- are running Windows CE and have USB ports, along with other components, that make them even easie...

I Bought Used Voting Machines on eBay for $100 Apiece. What I Found Was Alarming

Opinion: The fact that voter information is left on devices, unencrypted, that are then sold on the open market is malpractice...

Voting Machines Are Still Absurdly At Risk

A new report details dozens of vulnerabilities across seven models of voting machines—all of which are currently in use...

ThreatList: Almost All Security Pros Believe Election Systems Are at Risk

As the U.S. midterm election season gets underway in earnest, concerns about the ability to hack the vote is more in the spotlight than ever. A fresh survey from Venafi has found that a full 93 percent of security pros are concerned about cyber-attacks targeting election infrastructure. The poll,...

Suing South Carolina Because Its Election Machines Are Insecure

A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote. Note: I am an advisor to Protect Democracy on its work related to election cybersecurity, and submitted a declaration in litigation it filed, challenging...

Voting Machines Hacked with Ease at DEF CON

LAS VEGAS—Hackers at DEF CON last week made quick work of finding vulnerabilities in electronic pollbooks and voting machines, needing just 90 minutes to find exploitable flaws in every piece of voting equipment. More than 30 machines were available for hackers to crack at the conference’s Voting...