Security researchers have found 35 backend election systems in 10 states that have connected to the internet at some point in the past year, putting them at risk of being hacked or tampered with, as first reported by Motherboard. The researchers also found that the election systems are behind firewalls that could be misconfigured or otherwise insecure.
The systems are made by Election Systems & Software, the top voting machine company in the United States. ES&S told Motherboard that the systems don’t connect to the “public internet,” a claim the company had made prior to the research. But a number of the sites named by researchers were pulled offline shortly after the findings were disclosed, suggesting the researchers’ conclusions are valid.
These aren’t the first concerns over ES&S’s security practices: in 2018, the company disclosed that it installed remote-access software on some voting machines from 2000 to 2006. Neither report found evidence suggesting that systems or voting tallies were manipulated. Still, the undisclosed vulnerabilities raise new questions about the security of the US voting system.
The contradictory statements from ES&S are particularly worrying in the lead-up to the 2020 US elections. Many government officials have warned that election systems are at risk, but Senate Majority Leader Mitch McConnell (R-KY) has not brought any of the proposed bills to improve election security to a vote.
And, many new voting machines it sells aren’t keeping up with the stringent security practices required to fight election interference. A recent Associated Press report found that many brand-new election systems in Pennsylvania, including those made by ES&S, run Windows 7, which will no longer gets patches or technical support starting early next year, at which point Microsoft will require a fee for the updates.