A recently released 96-page report by an election security IT expert found that a model of Dominion voting machines widely used in the 2020 election “suffers from critical vulnerabilities that can be exploited to subvert all of its security mechanisms.”
In the July 1, 2021 open report, University of Michigan computer science professor Alex Halderman, with the help of Professor Drew Springall, conducts a “security analysis” of “ballot marking devices ” or Dominion Voting System BMD, in particular, the corporation’s “ImageCast X (ICX) BMD.”
The disclosure of the “Halderman Report” by a federal judge is part of a long-running case brought by citizens trying to stop Georgia from using Dominion machines. Halderman’s insightful analysis has led many of the same outlets that disparaged Donald Trump and conservatives who claimed voter fraud in 2020 to refocus their attention on the possibility of hacking into Dominion Voting System voting machines.
Get the latest and greatest news from the internet, delivered FREE to your inbox as soon as it’s posted! Take just 30 seconds and sign up for WND email news alerts!
“Expert Report Fuels Election Doubts as Georgia Waits to Update Voting Software: A newly revealed expert report arguing Georgia Dominion voting machines are vulnerable to hacking is fueling election doubts in Georgia read a headline in an NBC News story published Friday.
Noting that Dominion, which recently settled $787 million with Fox News over what it said were erroneous claims by Fox hosts about its voting machines, has played down the possibility of hacking its devices, NBC reported: “But Federal authorities have identified the same vulnerabilities, and more than 20 cybersecurity experts rushed to defend Halderman’s report this week.
“Some of the issues could be mitigated by updating Dominion’s software, but Georgia officials say the update is unrealistic, a huge task that they won’t begin until after the 2024 election,” NBC reported.
He continued: “The warnings are forceful and suggest that Georgia’s voting machines could be tampered with by bad actors in a matter of minutes. Halderman argued that attackers could alter QR codes on paper ballots and install malware on individual voting machines “with only brief physical access.” They could attack the broader voting system if they have the same access as certain county-level election officials, according to their report.”
NBC quotes Halderman, who writes: “My technical findings leave Georgia voters with very little reason to trust that the votes they cast (Dominion’s current ballot marking devices) are safe, that their votes will be counted correctly.” or that any future elections using Georgia’s (ballot marking devices) will be reasonably safe from attack and will produce correct results.”
Dominion’s voting machines are used in several US states, but “Georgians voting at a polling place generally have no choice but to use (Dominion’s) BMDs,” according to Halderman.
His partially redacted report was submitted under penalty of Georgia perjury laws, he writes.
Halderman lists vulnerable areas where Dominion ICX machine security protections could be subverted, “including: user authentication, data integrity protection, access control, separation of privileges, audit logs, protection counters, validation hashing and external firmware validation”.
“I demonstrate that these vulnerabilities provide multiple routes by which attackers can install malware on Georgia’s BMDs, either with temporary physical access or remotely from election management systems (EMS). I explain how such malware can tamper with voter votes while subverting all procedural protections practiced by the State,” he writes in the report.
‘Malicious actors’ could subvert the system in ‘less minutes’
Ominously, Halderman writes of how easy it was for him to “compromise” the Dominion machine: “I played the role of an attacker and tried to figure out ways to compromise the system and change the votes. I, along with my assistant, spent a total of about twelve person-weeks studying the machines, testing vulnerabilities, and developing proof-of-concept attacks. Many of the attacks I have successfully implemented could be carried out by malicious actors with very limited time and access to the machines, just a few minutes.”
He writes: “The use of vulnerable ICX BMDs for all in-person voters, as Georgia does, greatly magnifies security risks compared to jurisdictions that use hand-marked paper ballots but provide BMDs to voters on demand. When the use of such BMDs is limited to a small fraction of voters, as in most other states, they are a less valuable target and less likely to be attacked. Even if they are successfully compromised, attackers can change at most a small fraction of the votes, which, again, creates a strong disincentive to undertake the effort and risk of changing those votes.”
“The critical vulnerabilities in ICX, and the wide variety of minor but equally serious security issues, indicate that it was developed without paying sufficient attention to security during design, software engineering, and testing. The resulting system architecture is brittle; small mistakes can lead to a full exploit. Also, previous security testing efforts as part of the federal and state certification processes appear not to have uncovered the critical issues I found,” according to the report.
Halderman concludes: “It would not take major conspiracies to commit large-scale fraud, just moderate technical skills of the kind already possessed by attackers likely to target the Georgia election. Unfortunately, even if such an attack never comes, the fact that Georgia’s BMDs are so vulnerable will surely be exploited by partisan actors to suppress voter participation and cast doubt on the legitimacy of the election results.”
The ‘pivot’ conservative media?
Meanwhile, conservative writer, host of FrankSpeech, and former White House correspondent for Newsmax and OANN, Emerald Robinson, took to her Substack page on Monday to summarize the Halderman Report this way (emphasis hers): “Electronic voting machines are vulnerable to hacking..”
Robinson said the publication of the professor’s report “has had a curious effect on the world of ‘conservative’ media. Many right-wing influencers and con artists at Fox News, particularly those who had been told voter fraud was a conspiracy theory for the past three years, were suddenly changing their tune.”
“That’s right: that crowd is now doing a ‘pivot’ message, with no apologies,” Robinson wrote. “Of course, now, everyone claims that they always knew that voting machines were crap. That’s after three years of calling people (like me) too extremists and election deniers and kooks and many other words that don’t need to be repeated here.”
“I will never forget the people who called me after the 2020 election and told me to drop the voter fraud issue. I’ll never forget the list of people who stopped talking to me because they thought I was ‘totally crazy’. The names will surprise you. I will tell you some of those names in due course,” she said. “Needless to say: I will expose these fair-weather friends and assorted con artists, in due course.”
Halderman Expert Ratings
Halderman states his qualifications as follows, in part: “My name is J. Alex Halderman. I am a Professor of Computer Science and Engineering, Director of the Center for Information Society and Security, and Director of the Software Systems Laboratory at the University of Michigan in Ann Arbor. I have a PhD. (2009), an MS (2005) and a BA (2003), summa cum laude, in Computer Science, all from Princeton University. My background, qualifications, and professional affiliations are set forth in my resume, which is available online at https://alexhalderman.com/home/halderman-cv.pdf.
“My research focuses on computer security and privacy, with an emphasis on issues that broadly affect society and public policy. My research areas include software security, network security, computer forensics, and election cybersecurity. I have written more than 90 articles and books, and my work has been cited in more than 12,000 academic journals. I have served as a peer reviewer at more than 35 research conferences and workshops.”
/cdn.vox-cdn.com/uploads/chorus_asset/file/24742194/350457055_218583294315389_8997521909640967870_n.jpg)