Cylance® Inc, a CyberTECH member, has announced the successful exploitation of critical vulnerabilities in a common model of voting machine. The exploitation of these vulnerabilities was previously thought to only be theoretical in nature prior to this revelation by Cylance researchers
The compromise techniques are relatively simple to undertake, but do require physical access to the voting machine.
To help understand the risk to election integrity, Cylance produced a demonstration video of the techniques used to compromise the Sequoia AVC Edge Mk1 voting machine.
The video shows how Cylance researchers were able to re-flash the firmware with a PCMCIA card, directly manipulate the voting tallies in memory, and cause a vote for one candidate to be credited to another by altering elements of the device’s screen display.
For mitigation in the long term, Cylance recommends phasing out and replacing deprecated, insecure machines — namely those without robust, hardware-based firmware and data verification mechanisms.
Also, additional due diligence of polling place volunteers, workers, officers may help mitigate possible collusion for tampering by these groups.
The units in question were known to be in use in hundreds of thousands of polling locations across the country in the recent election.