Voting machines used by election officials in more than half of U.S. states contain a specific security flaw that could allow hackers to remotely access systems and change vote totals, according to a report created at the DefCon hacker conference.
Hackers were able to exploit the flaw in an older model of machines manufactured by Election Systems & Software LLC, the nation’s leading election equipment seller, remotely via a networking bug, The Wall Street Journal reports.
The Model 650 machines are used by precincts in more than half of the states across the country.
The Hill notes:
Other flaws affecting the Model 650 and other machines would require a hacker to gain physical access to voter machines with a device such as a thumb drive in order to alter votes. The 650 series, however, is vulnerable to two flaws that could also allow remote access, the report states.
Oregon Sen. Ron Wyden (D) questioned company officials’ commitment to improving election security in the face of the revealed issues.
“It’s like going to a restaurant — if the bathroom’s dirty, you start to wonder what the kitchen looks like,” he told the Journal.
In August, the company’s vice president of systems security pushed back on the idea that so-called “ethical” hackers at DefCon would be able to provide useful insights about his company’s hardware.
“What I’m not in favor of is submitting hardware and software and source code to anonymous people,” Christopher Wlaschin told the Journal.
The company said it was “dedicated to the security of our nation’s elections since its founding 40 years ago and proactively evolves security practices as threats evolve,” in a statement to the Journal.
In 2016 Christopher Famighetti of the Brennan Center for Justice interview told CBS News, “We found that more than 40 states are using voting machines there that are at least 10 years [old].”