Why you can trust us

Engadget has been testing and reviewing consumer tech since 2004. Our stories may include affiliate links; if you buy something through a link, we may earn a commission. Read more about how we evaluate products.

Researchers easily breached voting machines for the 2020 election

The 'ethical hackers' bought a bunch of the machines on eBay and broke into every one.

The voting machines that the US will use in the 2020 election are still vulnerable to hacks. A group of ethical hackers tested a bunch of those voting machines and election systems (most of which they bought on eBay). They were able to crack into every machine, The Washington Post reports. Their tests took place this summer at a Def Con cybersecurity conference, but the group visited Washington to share their findings yesterday.

A number of flaws allowed the hackers to access the machines, including weak default passwords and shoddy encryption. The group says the machines could be hacked by anyone with access to them, and if poll workers make mistakes or take shortcuts, the machines could be infiltrated by remote hackers.

This isn't the first time we've been told the machines are susceptible to hacks. This summer we learned that key election systems may have been exposed online for months, and at least one voting machine maker sold states systems with remote access. With the 2020 election quickly approaching, states have little time to secure their systems. As The Washington Post reports, Senate Majority Leader Mitch McConnell (R-Ky.) is blocking bills that would mandate election security fixes. McConnell has endorsed giving $250 million in federal funds to state election officials, but that's significantly less than the $600 million Democrats in the Senate and House have proposed.

We also know that Russian hackers accessed voter databases in two Florida counties before the 2016 election. There's reason to believe that hackers -- and not just those from Russia -- would attempt to access the vulnerable voting machines in 2020. Homeland Security's Cybersecurity Infrastructure Security Agency (CISA) is preparing for ransomware attacks like we've seen in Atlanta and Baltimore, and NYU has identified all of the ways social media disinformation tactics could be used to undermine the election. Now, we've been warned that the voting machines pose yet another risk.