IE 11 is not supported. For an optimal experience visit our site on another browser.

Hackers Find Security Flaws in Some Voting Machines

Security researchers have found vulnerabilities with the machines some Americans will use to vote.
/ Source: CNBC.com

Security researchers have found vulnerabilities with the machines some Americans will use to vote.

The news comes in a hotly contested election cycle where hacked emails are being deployed furiously in an attempt to sway public opinion. Meanwhile, hackers have already tried to breach election systems in more than 20 states, according to the Department of Homeland Security.

Voters wait in line for casting their ballots during early voting for the 2016 general election at Forsyth County Government Center October 28, 2016 in Winston-Salem, North Carolina.
Voters wait in line for casting their ballots during early voting for the 2016 general election at Forsyth County Government Center October 28, 2016 in Winston-Salem, North Carolina.Getty Images

According to experts, the people doing the hacking may not have to try hard.

"The machines themselves physically have been shown to be very vulnerable," Cris Thomas, a strategist for Tenable Network Security, a Maryland based cybersecurity company, told CNBC's "On the Money" recently. In a related development, some machines are using outdated technology.

"The fact is we've been voting on old technology, old Windows 2000 based operating systems… The voting machines themselves are archaic, having been around for 10-15 years," said Congressman Hank Johnson, a Georgia Democrat who has sponsored legislation on the issue.

Researchers at cybersecurity company, Symantec, tracked down voting machines used in the last election, and found plenty of security flaws.

"It literally took a couple of days…we were able to then reverse engineer all the stuff on that system. What was fascinating is the last election's information was still on those hard drives," said Samir Kapuria, a senior vice president of cybersecurity for Symantec, which makes Norton Internet Security.

One particular machine works by giving voters a card to insert and use to cast their ballot, and the card is reused by multiple voters. Symantec would not reveal the manufacturer of those machines, but said they are still in use.

That card could be reprogrammed to look like the same person cast a ballot multiple times, according to Kapuria. Even worse, he says there is no paper trail.

"There isn't a recourse. That's why it's such a risk…It could create fear, uncertainty, or doubt in the whole election process," Kapuria said.

The good news is that there are multiples types of voting systems across the country. "Right now we have over 9,000 jurisdictions all with different types of equipment and that sort of helps promote the resilience of our electoral system," Thomas told CNBC. In addition, most voting systems are not connected to the Internet, reducing the possibility of a Web-based attack.

"The fact that these machines require physical access to cause harm helps to limit the possibility that there is any nefarious activity going on," Thomas said.

Overall, while experts believe one machine could be compromised, wide spread hacking is unlikely. Still, government officials are paying attention.

Johnson sponsored the "Election Infrastructure and Security Promotion Act of 2016" (H.R. 6073), which would classify voting systems critical infrastructure. The bill is currently in subcommittee.

"There are some minimum standards that are in place, but they have not been adjusted for quite a long time," he told CNBC. "There is always a need for the federal government to continue analyzing, modifying, and putting in place new processes and procedures and standards that will keep up with the changing technology."

In the meantime, there is voluntary assistance for states. Thus far, 48 states have asked the Department of Homeland Security for help, amid widespread cyber breaches that have stoked security concerns.

"We have confidence in the overall integrity of our electoral systems. ...Nevertheless, we must face the reality that cyber intrusions and attacks in this country are increasingly sophisticated," DHS Secretary Jeh Johnson, said in a recent statement.

While worries about voting security pop up around election time, expects say the time to act is now to protect the 2020 Presidential election.

"Starting on November 9, we really need to have a strong national conversation about what we're going to do with our voting systems so that the next election we don't have this same issue" Thomas said.