The ImageCast X voting machine enables voters to choose their preferred candidates on a touch screen and then print a paper record, similar to what voters did in Georgia during the election of 2020. "An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization." In one flaw identified by CISA, "the authentication mechanism used by voters to activate a voting session on the tested version of ImageCast X is susceptible to forgery," according to the advisory. "Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in this advisory, including technical, physical, and operational controls that limit unauthorized access or manipulation of voting systems." "Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices," the advisory outlines. The advisory also points out that there are a number of barriers to taking advantage of the flaws in the voting machines. The director noted in her statement that many of CISA's recommended mitigations "are typically standard practice in jurisdictions where these devices are in use" and "are able to detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely if diligently applied, making it very unlikely that a malicious actor could exploit these vulnerabilities to affect an election." The CISA advisory, previously reported by the Washington Post, recommends several mitigation measures for states using the voting machines to detect or prevent exploitation of identified vulnerabilities. The flaws, some of which stem directly from machine design, are fairly technical and would likely require any perpetrator to have direct, physical access to voting devices and/or other equipment polling management equipment. The program, first established in 2019, has examined and disclosed hundreds of vulnerabilities in both commercial and industrial use, flagged by researchers across the country and world.Īccording to Easterly, CISA is "closely engaged with election officials across the country to help them address these vulnerabilities by applying the mitigations recommended in the advisory."ĬISA has identified nine flaws within certain versions of Dominion Voting Systems ImageCast X software. The bulletin - circulated among state election officials earlier this week and publicly shared online, Friday - marks the first time CISA has used its vulnerability disclosure program to probe voting machines. In a statement Friday, CISA Director Jen Easterly wrote, "Over the past week, we've been working with election officials on information regarding vulnerabilities affecting certain versions of Dominion Voting Systems' software." She continued, "Today, we are releasing this information publicly." "While these vulnerabilities present risks that should be mitigated as soon as possible, CISA has no evidence that these vulnerabilities have been exploited in any elections," the advisory reads.
found no evidence that flaws in Dominion voting machines were ever exploited, including in the 2020 election, according to a new bulletin released Friday by the Cybersecurity and Infrastructure Security Agency.