An investigation into the 2020 election has uncovered evidence that a model of voting machine that was used across America was suffering “from critical vulnerabilities that can be exploited to subvert all of its security mechanisms.”
The findings were revealed in a newly released, 96-page report by an expert in computer science and election security.
The vulnerability was found in one model of Dominion Voting Systems machines that was widely used in 2020.
The July 1, 2021 investigation report has just been unsealed after being previously sealed by the courts.
With the help of Prof. Drew Springall, University of Michigan computer science professor Alex Halderman conducted a “security analysis” of Dominion’s “ballot marking devices,” or BMDs.
In particular, they examined the company’s “ImageCast X (ICX) BMD.”
Halderman’s deep analysis has led many of the corporate media who smeared President Donald Trump and conservatives who claimed vote fraud in 2020 to switch their attention back to the potential for hacking Dominion’s voting machines.
“Expert report fuels election doubts as Georgia waits to update voting software: A newly unsealed expert report arguing that Georgia’s Dominion voting machines are vulnerable to hacking is fueling election doubts in Georgia,” reads a headline in an NBC News story published Friday.
Dominion recently reached a $787 million settlement with Fox News over what it said were erroneous claims by Fox hosts about its voting machines.
Noting that Dominion has downplayed the potential for hacking into its devices, NBC reported: “But federal authorities have identified the same vulnerabilities, and more than 20 cybersecurity experts rushed to defend Halderman’s report this week.”
“Some of the issues could be mitigated by upgrading the Dominion software, but Georgia officials say the upgrade is unrealistic – an enormous undertaking they won’t start until after the 2024 elections,” NBC reported.
It continued: “The warnings are stark, suggesting that Georgia’s voting machines could be manipulated by bad actors in mere minutes.
“Halderman argued that attackers could alter the QR codes on printed ballots, and install malware on individual voting machines ‘with only brief physical access.’
“They could attack the broader voting system if they have the same access as certain county-level election officials, his report said.”
NBC quotes Halderman, who writes: “My technical findings leave Georgia voters with greatly diminished grounds to be confident that the votes they cast on [the current Dominion ballot-marking devices] are secured, that their votes will be counted correctly, or that any future elections using Georgia’s [ballot-marking devices] will be reasonably secure from attack and produce correct results.”
Dominion voting machines are used in various states across the United States.
However, “Georgians who vote at a polling place generally have no choice but to use the [Dominion] BMDs,” according to Halderman.
His partly redacted report was filed under penalty of Georgia’s perjury laws, he writes.
Halderman lists the vulnerable areas in which Dominion ICX machines’ security protections could be subverted, “including user authentication, data integrity protection, access control, privilege separation, audit logs, protective counters, hash validation, and external firmware validation.”
“I demonstrate that these vulnerabilities provide multiple routes by which attackers can install malicious software on Georgia’s BMDs, either with temporary physical access or remotely from election management systems (EMSs),” he writes in the report.
“I explain how such malware can alter voters’ votes while subverting all of the procedural protections practiced by the State.”
Ominously, Halderman writes about how easy it was for him to “compromise” the Dominion machine: “I played the role of an attacker and attempted to discover ways to compromise the system and change votes.
“I, along with my assistant, spent a total of approximately twelve person-weeks studying the machines, testing for vulnerabilities, and developing proof-of-concept attacks.
“Many of the attacks I successfully implemented could be effectuated by malicious actors with very limited time and access to the machines, as little as mere minutes.”
He writes: “Using vulnerable ICX BMDs for all in-person voters, as Georgia does, greatly magnifies the security risks compared to jurisdictions that use hand-marked paper ballots but provide BMDs to voters upon request.
“When the use of such BMDs is limited to a small fraction of voters, as in most other states, they are a less valuable target and less likely to be attacked at all.
“Even if they are successfully compromised, attackers can change at most a small fraction of votes – which, again, creates a strong disincentive to undertake the effort and risk to change any such votes.”
“The critical vulnerabilities in the ICX – and the wide variety of lesser but still serious security issues – indicate that it was developed without sufficient attention to security during design, software engineering, and testing.
“The resulting system architecture is brittle; small mistakes can lead to complete exploitation,” according to the report.
“Likewise, previous security testing efforts as part of federal and state certification processes appear not to have uncovered the critical problems I found.”
Halderman concludes: “No grand conspiracies would be necessary to commit large-scale fraud, but rather only moderate technical skills of the kind that attackers who are likely to target Georgia’s elections already possess.
“Unfortunately, even if such an attack never comes, the fact that Georgia’s BMDs are so vulnerable is all but certain to be exploited by partisan actors to suppress voter participation and cast doubt on the legitimacy of election results.”
Meanwhile, former Newsmax and OANN White House correspondent Emerald Robinson took to her Substack page Monday to summarize the Halderman Report this way (emphasis is hers): “Electronic voting machines are vulnerable to hacking.”
Robinson said the release of the professor’s report “has had a curious effect on the ‘conservative’ media world.
“Lots of right-wing influencers and Fox News fraudsters – particularly the ones who told you that election fraud was a conspiracy theory for the last three years – were changing their tune suddenly.”
“That’s right: that crowd is now doing a message ‘pivot’ – with no apology,” Robinson wrote.
“Of course, now, they all claim that they always knew the voting machines were garbage.
“That’s after three years of calling people (like myself) too extreme and election deniers and wackos and lots of other words that need not be repeated here.”
“I will never forget the people who called me after the 2020 election and told me to drop the issue of election fraud,” she said.
“I will never forget the list of people who stopped talking to me because they thought I was ‘totally nuts.’
“The names will surprise you. I will tell you some of those names in due time.
“Needless to say: I will be exposing these fair-weather friends, and assorted grifters, in good time.”
Halderman lays out his qualifications as follows, in part:
My name is J. Alex Halderman. I am Professor of Computer Science and Engineering, Director of the Center for Computer Security and Society, and Director of the Software Systems Laboratory at the University of Michigan in Ann Arbor.
I hold a Ph.D. (2009), a master’s degree (2005), and a bachelor’s degree (2003), summa cum laude, in computer science, all from Princeton University. My background, qualifications, and professional affiliations are set forth in my curriculum vitae, which is available online at https://alexhalderman.com/home/halderman-cv.pdf.
My research focuses on computer security and privacy, with an emphasis on problems that broadly impact society and public policy. Among my areas of research are software security, network security, computer forensics, and election cybersecurity.
I have authored more than 90 articles and books, and my work has been cited in more than 12,000 scholarly publications.
I have served as a peer-reviewer for more than 35 research conferences and workshops.