Report on Dominion voting machines proves ‘safest election in history’ was a lie
A highly anticipated report released Friday by the Cybersecurity and Infrastructure Agency, also known as CISA, provides official documentation of the major security flaws posed by Dominion Voting Systems machines. It comes nearly two years after the 2020 presidential election, which the agency called “the safest election in history.”
While the CISA report says it has “no evidence that these vulnerabilities have been exploited in elections”, it nevertheless highlights at least nine concrete and alarming security vulnerabilities. The CISA report was released based on analysis by J. Alex Halderman of the University of Michigan and Drew Springall of Auburn University.
The report indicates that the security advisory covers the following versions of Dominion Voting Systems ImageCast X software, which are known to be affected (other versions could not be tested): ImageCast X firmware based on Android 5.1, as used in Dominion Democracy Suite Voting System Version 5.5-A, and ImageCast X application versions 22.214.171.124 and 126.96.36.199, as used in Dominion Democracy Suite Voting System Version 5.5-A.
The Vulnerability Overview lists nine different security issues. It is important to go beyond the advisory document itself to get a clear picture of the vulnerability. The security flaws justify concerns from election observers who pointed out that administrator rights could be used to override security features and that the system could potentially be hacked due to “identity theft”.
The security vulnerabilities are listed below:
- The tested version of ImageCast X does not validate application signatures against a trusted root certificate.
- The tested version of ImageCast X’s on-screen application hash feature, audit log export, and application export feature rely on self-checking mechanisms. An attacker could exploit this vulnerability to hide malicious applications on a device.
- The tested version of ImageCast X has a Terminal Emulator application that could be exploited by an attacker to gain elevated privileges on a device and/or install malicious code.
- The tested version of ImageCast X allows Android to be restarted in safe mode, which allows an attacker to directly access the operating system. An attacker could exploit this vulnerability to elevate privileges on a device and/or install malicious code.
- The tested version of ImageCast X can be manipulated to cause execution of arbitrary code by specially crafted election definition files. An attacker could take advantage of this vulnerability to spread malicious code to ImageCast X devices from the EMS.
- Applications on the tested version of ImageCast X can run code with elevated privileges by leveraging a system-level service. An attacker could exploit this vulnerability to elevate privileges on a device and/or install malicious code.
- The authentication mechanism used by technicians on the tested version of ImageCast X is susceptible to tampering. An attacker with physical access can use it to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions.
- The authentication mechanism used by election officials to administer voting using the tested version of ImageCast X may reveal cryptographic secrets used to protect election information. An attacker could exploit this vulnerability to access sensitive information and perform privileged actions, potentially affecting other election equipment.
- The authentication mechanism used by voters to activate a voting session on the tested version of ImageCast X is susceptible to tampering. An attacker could take advantage of this vulnerability to print an arbitrary number of ballots without authorization.
CISA recommended the following “mitigating” measures:
- Contact Dominion Voting Systems to determine which software and/or firmware updates should be applied. Dominion Voting Systems reports to CISA that the above vulnerabilities have been fixed in later software releases.
- Make sure all affected devices are physically protected before, during and after voting.
- Ensure compliance with chain of custody procedures throughout the electoral cycle.
- Make sure that ImageCast X and the Election Management System (EMS) are not connected to any external network (i.e. accessible through the Internet).
- Ensure that carefully selected protective and detective physical security measures (e.g. locks and tamper-evident seals) are implemented on all affected devices, including connected devices such as printers and connecting cables.
- Close all background application windows on each ImageCast X device.
- Use read-only media to update software or install files on ImageCast X devices.
- Use separate and unique access codes for each poll worker card.
- Ensure that all ImageCast X devices undergo rigorous pre- and post-election testing.
- Disable the “Unify tabulator security keys” feature on the election management system and ensure that new cryptographic keys are used for each election.
- As recommended by Dominion Voting Systems, use the additional method to validate hashes on applications, audit log exports, and application exports.
- Encourage voters to check the human-readable votes on the printout.
- Conduct rigorous post-election audits of tabulation of human-readable portions of physical ballots and paper records, including reviewing the ballot chain of custody and conducting voter-to-vote reconciliation procedures. These activities are particularly crucial in detecting attacks where listed vulnerabilities are exploited in such a way that a barcode is manipulated to be tabulated inconsistently with the human-readable portion of the ballot. (REMARK: If states and jurisdictions so choose, ImageCast X offers the configuration option to produce ballots that do not print barcodes for tabulation.)
It should be noted that a number of these mitigation measures were not followed in the 2020 presidential election. These include ensuring the physical security of machinery and equipment, as evidenced by lost USB keys; flawed chain-of-custody procedures (ballot boxes have often led to such violations of election law); machines that are proven to be connected to the Internet; missing or destroyed ballot images; and the use of QR codes rather than human-readable ballot papers.
Thus, CISA’s infamous claim that the 2020 election was “the most secure in American history” is clearly belied by its own report two years after the fact.
“While we know there are many unfounded claims and opportunities for misinformation about our election process, we can assure you that we have the utmost confidence in the security and integrity of our elections, and you should as well,” the statement said. “When you have questions, speak to election officials as a voice of confidence in the election administration.”
But election security officials issued such a blasé statement without being able to know all the facts about the 2020 election. CISA may claim it has no evidence of exploitation of voting machines, but voters wonder if it’s because it hasn’t seriously looked. After all, CISA is only now admitting that all of voters’ concerns about the poor security of Dominion voting machines were valid. Yet all of these worried voters have been branded “conspiracy theorists” for years. Turns out they were right to be concerned.
(TLB) released this article from Becker News as compiled and written by Kyle Becker
Featured header image (modified) Credit: Dominion Voting Systems/Original Becker News Article
Emphasis Added by Editors (TLB)