An election expert has demonstrated the simplicity of hacking a Dominion Voting Systems machine by using nothing more than a pen to change votes.
University of Michigan Professor of Computer Science and Engineering J. Alex Halderman hacked the machine in front of U.S. District Judge Amy Totenberg in an Atlanta, Georgia court.
The case is a lawsuit from an election integrity group seeking to remove Dominion machines in Georgia in favor of paper ballots ahead of the 2024 election.
The trial for the ongoing lawsuit against election officials began last Tuesday.
The plaintiffs asked Judge Totenberg to order Georgia officials to stop using the Dominion’s touchscreen machines.
Currently, the machines are used by nearly every in-person voter statewide.
However, that could soon change following the bombshell revelations unveiled in the federal courtroom.
During a demonstration before the judge, Professor Halderman was able to hack a Dominion machine with only a pen.
Halderman was able to change the tabulation of the votes as the court watched in amazement.
BREAKING: In A Federal Court In Atlanta Georgia On Friday J. Alex Halderman (@jhalderm) Was Able To HACK A DOMINION VOTING TABULATOR In Front Of U.S. District Judge Amy Totenberg USING ONLY A PEN TO CHANGE VOTE TOTALS! This Is Part Of A Long Running Lawsuit By Election Integrity… pic.twitter.com/nCSgmINTet
— John Basham (@JohnBasham) January 20, 2024
Halderman and Security Researcher and Assistant Professor at Auburn University Drew Sringall collaborated on a report in July 2021 where they discovered exploitable vulnerabilities in the Dominion’s ImageCast X system.
In June 2023, the Federal District Court for the Northern District of Georgia unsealed the 96-page Halderman Report – the Security Analysis of Georgia’s ImageCast X Ballot Marking Devices.
Today, the Federal District Court for the Northern District of Georgia unsealed a 96-page report that I wrote w/ Prof. @_aaspring_ from @AuburnU. It describes serious vulnerabilities we found in Georgia's Dominion ImageCast X ballot marking devices.https://t.co/4oV0Do45YS
— J. Alex Halderman (@jhalderm) June 14, 2023
The report confirmed that votes can be altered in the Dominion voting machines because the company’s software is vulnerable and can be hacked.
Obama-appointed Judge Totenberg sealed and covered up the results of the investigation of Dominion machines in Georgia.
She sat on the report until last week.
Professor Halderman wrote about the report’s findings following its release.
He is raising the alarm about the potential for Dominion’s vulnerabilities to be exploited in upcoming Georgia elections.
Back in September 2020, the Court granted the Curling Plaintiffs access to one of Georgia’s touchscreen ballot marking devices (BMDs) so that they could assess its security.
Drew and I extensively tested the machine, and we discovered vulnerabilities in nearly every part of the system that is exposed to potential attackers.
The most critical problem we found is an arbitrary-code-execution vulnerability that can be exploited to spread malware from a county’s central election management system (EMS) to every BMD in the jurisdiction.
This makes it possible to attack the BMDs at scale, over a wide area, without needing physical access to any of them.
Our report explains how attackers could exploit the flaws we found to change votes or potentially even affect election outcomes in Georgia, including how they could defeat the technical and procedural protections the state has in place.
While we are not aware of any evidence that the vulnerabilities have been exploited to change votes in past elections, without more precautions and mitigations, there is a serious risk that they will be exploited in the future.
Halderman also warned that Georgia Secretary of State Brad Raffensperger announced that the state would not install Dominion’s security patches until after the 2024 presidential election.
He also claims Raffensperger had been aware of the findings for two years.
Astonishingly, Georgia Secretary of State Brad Raffensperger, who has been aware of our findings for two years, just announced that the state will not get around to installing Dominion’s security patches until after the 2024 Presidential election. 🤦https://t.co/bnPXoP6Xc2
— J. Alex Halderman (@jhalderm) June 14, 2023
Dominion, which is not a party to this case, issued a statement responding to Halderman’s explosive live hack in court.
The company argues that there are “many layers of robust operational and procedural safeguards in place, overseen by local election officials, that help protect our elections and serve to ensure that any physical tampering is prohibited.”
Meanwhile, Judge Totenberg wrote in an order in October that she can’t order the state to switch to a system that uses hand-marked paper ballots.
Totenberg has “previously expressed concerns about the state’s election system and its implementation,” according to the AP.
Instead, she said she could order “pragmatic, sound remedial policy measures.”
These measures include eliminating the QR codes on ballots, stronger cybersecurity criteria, and more robust audits.