Latest in Tomorrow

Image credit:

Key U.S. election systems could have been exposed online for months

More than 30 backend systems in 10 states were left connected.
Amrita Khalid, @askhalid
August 8, 2019
3 Shares
Share
Tweet
Share

Sponsored Links

ASSOCIATED PRESS

More than 30 backend election systems over the last year -- including some in key swing states like Florida, Michigan and Wisconsin -- have been left online and were susceptible to hackers. A Motherboard investigation published today revealed that systems made by ES&S, one of the largest makers of voting machines in the country, were connected to the internet for long periods of time, in some instances as long as a year. This information contradicts prior claims by election officials that voting machine systems were no longer connected after Election Day.

It's likely the case that election officials who claimed their systems weren't online didn't know any better. "We ... discovered that at least some jurisdictions were not aware that their systems were online," Kevin Skoglund, an independent security consultant, told Motherboard.

At issue isn't the electronic voting machines themselves, but the SFTP server and firewall that some polling places use to speedily transmit votes. Such systems are only supposed to be connected to the internet during Election Day, and then are promptly disconnected. Researchers told Motherboard that critical backend systems are connected to the firewalls. If a hacker was able to intercept the firewall, they could alter vote totals or infect voting machines with malware.

ES&S disagrees with the conclusion reached by the researchers interviewed for the story. "There's nothing connected to the firewall that is exposed to the internet," Gary Weber, vice president of software development and engineering for ES&S, told Motherboard.

This isn't the first instance of ES&S running into trouble for its handling of election security. Last summer, the vendor admitted to Senator Ron Wyden (D-OR) that some of its election management systems had vulnerable remote-access tools -- despite repeated denials in the past. The North Carolina Board of Elections -- which uses ES&S systems -- recently voted to disqualify the company's machines for not providing an option for hand-marked ballots.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
3 Shares
Share
Tweet
Share

Popular on Engadget

Researchers 3D-printed a cell-sized tugboat

Researchers 3D-printed a cell-sized tugboat

View
PlayStation 5 first look: At home with Sony’s new console

PlayStation 5 first look: At home with Sony’s new console

View
MIT tests autonomous 'Roboat' that can carry two passengers

MIT tests autonomous 'Roboat' that can carry two passengers

View
NASA will try to stow away its leaking asteroid sample tomorrow

NASA will try to stow away its leaking asteroid sample tomorrow

View
NVIDIA RTX 3070 review: A hot rod GPU for the practical gamer

NVIDIA RTX 3070 review: A hot rod GPU for the practical gamer

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr