Latest in Gear

Image credit: Michael Robinson Chavez/The Washington Post via Getty Images

Report finds many US election officials vulnerable to phishing attacks

Attacks on voting machines may not be the main concern.
Jon Fingas, @jonfingas
July 26, 2020
136 Shares
Share
Tweet
Share

Sponsored Links

voting booths
Michael Robinson Chavez/The Washington Post via Getty Images

The security risks around the 2020 presidential election aren’t limited to direct attacks on the voting systems. Research firm Area 1 Security has published a report (via Wall Street Journal) warning that many election officials are using email systems that leave them vulnerable to phishing attacks and hacks. Out of more than 10,000 state and local officials, about 53 percent only had “rudimentary or non-standard” defenses against phishing. Only 18.6 percent had “advanced” safeguards in place, and 5.4 percent were using personal email addresses.

Small jurisdictions in Maine, Michigan, Missouri and New Hampshire were using a flawed version of Exim, software that’s free but has also been targeted by state-sponsored Russian hackers.

This wouldn’t necessarily let intruders compromise the voting process. The Cyber Threat Alliance’s J. Michael Daniel told the WSJ that it would be “really hard to do” digital vote manipulation at a meaningful level. However, ransomware and other phishing-based campaigns could make it difficult for election administrators to do their job, and might cast doubt on the results even if the voting infrastructure is safe.

This could still be an improvement over security levels in past years. However, this still leaves many officials susceptible. Russia and other countries were reportedly trying to phish high-profile targets in 2018 — it’s difficult to rule out similar campaigns in 2020, particularly against election staff who don’t have the same resources to protect themselves. It may be a long while before email security is consistently strong.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
136 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Space Force official logo and motto unveiled

Space Force official logo and motto unveiled

View
Nreal Light mixed reality glasses launch in Korea with the Galaxy Note 20

Nreal Light mixed reality glasses launch in Korea with the Galaxy Note 20

View
California wins injunction against Uber, Lyft classifying drivers as contractors

California wins injunction against Uber, Lyft classifying drivers as contractors

View
Nintendo 'gigaleak' reveals the classic games that never were

Nintendo 'gigaleak' reveals the classic games that never were

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr