Skip to main content

Hackers say voting machines are vulnerable. But that’s not the real problem

The U.S. is in no way ready to move any of its election processes online, white hat hackers told Digital Trends. But while a lot of attention has been focused on the vulnerability of new voting machines, the more imminent danger is the electronic infrastructure around elections, experts said.

The new voting machines that have attracted a lot of attention during the primaries aren’t even the biggest concern, said Jack Cable, a famed hacker and software expert now focused on the U.S. elections.

Voter registration system and election night reporting systems are far more vulnerable — and easy — to attack, he said.

While trying to register to vote, Cable found massive vulnerabilities in the Illinois voter registration system that could have allowed hackers to see and potentially alter voter data. If a database of voters is easily accessed and corrupted, election results could be unverifiable. Hackers could, theoretically, wipe or change voter registration, which could cause widespread voter disenfranchisement.

A bad actor could even change the results or wipe people’s votes completely through an unsecured back-end.

“There is so much more work that needs to be done” before elections can be really secure, Cable told Digital Trends.

And it will take a lot longer than the five months left until the 2020 U.S. presidential election to get those theoretical elections systems properly in place.

“With the integrity of these systems as they are, it’s more important now more than ever that we have a remote mail-in system,” Cable said.

Cable suggests the U.S. stick with paper voting, which is still the most reliable voting method and surprisingly resilient to fraud, he said.

The issue comes down to auditing, the experts said. You can audit a piece of paper. A phone or electronic machine is more easily manipulated, and therefore less auditable. Cable said there is no way to send election results electronically in a secure manner.

“Nothing guarantees [verified results] with electronic online voting,” Cable said. “If a voter’s device has malware on it, then it’s effectively impossible to prove their vote did or did not count. No security expert would recommend this.”

Now is the worst time to be debuting new technology “unless it’s intended to help secure the election,” said Jonathan Reiber, former Pentagon chief strategy officer for cyber policy and a current senior director at the cybersecurity firm AttackIQ.

“You have to test new tech vigorously, many, many times at scale to make sure it works,” Reiber told Digital Trends. “If I’m an election administrator, I need to worry that people can vote. But just as important is making sure the process is secure and trustworthy.”

Even some of the newest voting machines haven’t passed the test.

At Def Con 27 in August 2019, an annual hacker’s conference wherein security researchers from around the U.S. gather to try to see exactly how the latest voting tech can be broken, hackers found ways to compromise every single voting machine at the conference.

They found ways to do so “in ways that could alter stored vote tallies, change ballots displayed to voters, or alter internal software that controls the machine,” the final report from the conference said. Even teenagers who had never hacked before were able to gain access to the machines in a short amount of time, the report stated.

The report also noted that this was “unsurprising” and that it was “notable — and especially disappointing — that many of the specific vulnerabilities reported over a decade earlier … are still present in these systems today.”

But Reiber and Cable said it was unlikely that hackers would be able to hack numerous machines on Election Day. Trying to hack machines would take long enough to raise suspicions quickly, and since the vast majority of these machines aren’t connected to the internet, hackers would need to break into each machine one by one.

In fact, a hacker doesn’t actually need to hack the election, per se, Cable said. They just need to look like they have in order to have the intended effect; the suggestion of a compromised election could be enough to plant distrust in the results.

“The possibility that the election gets hacked is less than something normal going wrong that wasn’t planned for, and then that spins out of control,” Cable said.

Fake pictures on social media of voting machines could make it look like the machines have been hacked, even if they haven’t, which could spark fears of disputed or corrupted results.

Georgia’s June primary was notoriously plagued with allegations of machine and human error.

“The primaries are a good case study of what could happen in November,” Cable said. “There’s no indication that anyone was hacked, or that there were any errors more than standard procedural error. But it could get spun out as something different. Allegations that something was hacked or rigged are going to be more prominent in November.”

“History has shown us that it doesn’t take very much to sow distrust in the democratic process,” Reiber added.

Editors' Recommendations

Maya Shwayder
I'm a multimedia journalist currently based in New England. I previously worked for DW News/Deutsche Welle as an anchor and…
How did Iowa screw up its Dem caucus vote? There was an app for that
Democratic Presidential Candidate Joe Biden Campaigns In Iowa

Usually, we’d all know by know which Democratic presidential candidate won Monday's Iowa caucus. However, a new app that was used is causing significant delays in the final counts, and we still don’t know who won one of the first critical elections of the primary season.

The use of a new app was meant to make counting easier this year, but its proving to do the exact opposite. We’re now at least 13 hours past when we should have known who won the Iowa caucus and are still left with more questions than answers. 

Read more
NFL: Multiple teams’ social media accounts targeted by hackers
The NFL's Daniel Sorensen tries to tackle Darren Waller

“Everything is hackable,” a message posted to the social media accounts of multiple NFL teams said on Sunday. And yes, it was written by hackers.

The NFL’s social media feeds, along with those belonging to teams such as the Chicago Bears, Dallas Cowboys, New York Giants, and Philadelphia Eagles, were all temporarily taken over by a hacking group purporting to be OurMine, which has been behind similar kinds of activity in recent years.

Read more
Vintage car group says EV classics aren’t real classics. Here’s why that’s wrong
volkswagen updates classic beetles with modern electric powertrains e beetle

The Fédération Internationale des Véhicules Anciens (FIVA) has put out a statement that explains how the historic vehicle federation does not recognize a vehicle as historic if it has been upgraded to an electric drivetrain. According to the statement, the group "cannot promote, to owners or regulators, the use of modern EV components to replace a historic vehicle’s drivetrain."

This announcement comes on the heels of several debuts of classic-bodied vehicles with modern electric drivetrains, including those from Lunaz and Swindon Powertrain, as well as factory-backed efforts by Jaguar, Aston Martin, and Volkswagen. FIVA says it sees the need for such modifications, but suggests that modified vehicles remain capable of being returned to factory original specification.

Read more