In the 2020 election:
- 26 states will offer both BMDs and DRE voting machines (including Washington DC)
- 21 states will not allow DRE voting machines
- Only 5 states will solely offer DREs
The high cost of DREs and BMDs have caused some states to utilize known vulnerable machines.
- The ES&S AutoMARK runs the 2004 operating system Windows CE 5.0 and contains several vulnerabilities. This machine was used in 28 states in the 2018 election.
- The ES&S ExpressPoll Tablet Electronic Pollbook stores its encryption keys in plain text. This allows an attacker to easily decrypt or spoof the stored voting data. This machine was used in at least four states in 2018.
- The Diebold AccuVote-TSx is vulnerable to privilege escalation (an attack that allows users to gain unauthorized elevated access) through removal of the card reader. The AccuVote-TSx was used in 18 states in 2018.
One caveat to these discussed vulnerabilities is that currently known attacks are only achievable in person. An attacker must have physical access to the machine to conduct the attack within a very short period as to not arouse suspicion. This greatly increases the difficulty of a successful exploit, especially at polling locations where personnel have been trained to observe voters for suspicious behavior while inside the voting station.
To minimize the chance that your vote is affected if a machine is compromised, observe the electronic polling booth you’ve been assigned for any obvious signs of misuse or wear (for example, Teflon knives may remove the adhesive from tamper seals). If a polling station displays an error or appears to respond erratically, be sure to notify election personnel. Election officials may choose to redirect voters to other voting booths or escalate the issue to someone better equipped to determine the root cause of an incident.
These concerns on the security of our polling machines are just one of many cybersecurity concerns in the world today. Whether you’re looking to strengthen your entire network security program or update your awareness training, our team at LBMC Information Security can help. Feel free to check out our library of resources and podcasts, which provide specific insights you can use to enhance every area of cybersecurity. Connect with our team today to learn more about how we can help develop a security program plan or training framework.