During a live demonstration on PBD’s podcast, cybersecurity expert Harri Hursti hacked an electronic voting machine using a preprogrammed USB stick, gaining complete control over the system in just seconds. He explained that with this access, he could manipulate votes extensively, including adding votes for candidates not even on the ballot.
The voting machine was a Dominion ImageCast X machine, last used in 2012.
BREAKING: Someone just hacked a voting machine within seconds live on PBD's podcast. He only used a preprogrammed USB stick that gave him total access to do whatever he wanted, including flipping or creating votes out of thin air
— George (@BehizyTweets) September 25, 2024
"If this would have been an election, I could… pic.twitter.com/8fmnge3a8j
Grok says
The demonstration of hacking a Dominion voting machine using a preprogrammed USB stick, as shown on PBD’s podcast, has significant implications for voting integrity:
- Vulnerability of Existing Systems: This incident underscores that vulnerabilities exist within current voting machine technology, particularly older models like the Dominion ImageCast X last used in 2012. If such machines are still in use or not properly secured, they represent potential points of failure in election security.
- Physical Access Importance: While the hack required physical access to the machine, which in theory should be limited to authorized personnel, this points to the need for stringent access controls, rigorous employee background checks, and secure storage of voting equipment.
- Software and Hardware Security: The ease with which the machine was compromised highlights the need for regular software updates, thorough hardware checks, and possibly the development of more secure voting systems that are resistant to such straightforward attacks.
- Election Integrity Concerns: Demonstrating the possibility of adding votes, changing votes, or even creating votes for candidates not on the ballot raises concerns about the integrity of past elections where similar technology was used without adequate security measures. It reinforces the necessity for transparency, audits, and perhaps more reliance on paper trails or other verifiable methods.
- Need for Cybersecurity Measures: This emphasizes the importance of cybersecurity in election processes. Cybersecurity training for election officials, penetration testing of voting systems, and real-time monitoring for suspicious activities during elections become critical.
- Public Trust: Incidents like this could erode public trust in electronic voting systems. Building and maintaining confidence in electoral processes might require not just technological solutions but also transparent practices, public education on how elections are secured, and possibly adopting hybrid systems that combine electronic and manual checks.
- Legal and Policy Implications: There might be a call for stricter regulations or laws regarding the security standards of voting machines, mandatory updates, and perhaps even a reconsideration of how elections are conducted, possibly moving towards more decentralized or open-source solutions where the public can verify the integrity of the voting software.
- Response to Threats: This also highlights the need for a rapid response mechanism to known vulnerabilities. The delay in updating systems, as seen in some jurisdictions, could be seen as a critical oversight, necessitating a more proactive approach to security updates.
In summary, while the demonstration was on an older model, it serves as a stark reminder of the potential vulnerabilities in electronic voting systems. It calls for a comprehensive review of current practices, technologies, and security measures to ensure that voting integrity is maintained and that public faith in the electoral process remains strong. This incident might push for more robust, transparent, and secure voting systems, potentially including a return to or integration with more verifiable, manual methods.