Federal review says polls didn’t take advantage of Dominion software flaws – Henry’s Club

According to an analysis by the US Cybersecurity and Infrastructure Security Agency, the vulnerabilities have never been exploited in elections and to do so would require physical access to voting equipment or other extraordinary criteria that circumvent standard election security practices. .

But since the topic is the Dominion Voting Tool, which has been the target of conspiracy theorists who falsely claim that the 2020 election was largely fraudulent, federal and state and local officials attempt to weaponize reports of vulnerabilities. Refused to choose. before the midterm elections.

“While these vulnerabilities present risks that should be mitigated immediately, CISA has no evidence that these vulnerabilities were exploited in any election,” the agency said in a draft CISA advisory for state and local governments published Friday. Is.” Shared at a briefing with officials.

In preparation for the disclosure of software vulnerabilities, CISA on Friday announced its “”.control of rumors“website, which it used to refute claims of electoral fraud with a new entry during the 2020 election.

“The existence of a vulnerability in election technology is not evidence that the vulnerability has been exploited or that election results have been affected,” the new Rumor Control posting said.

The CISA analysis is of a security evaluation of the Dominion Voting System’s ballot-marking devices by a University of Michigan computer scientist at the behest of the plaintiffs in the long-running lawsuit against Georgia’s secretary of state.

computer scientist, J. Alex Halderman was given physical access over several weeks to Dominion ballot-marking devices, which print out a ballot after voters make their choice on a touch screen.

Halderman’s report is still under the seal of the court.

But according to Halderman and people who saw the report, it claims to demonstrate how software flaws can be used to replace QR codes printed by ballot-marking devices, so those codes can be used as inputs by the voter. Can be done for votes. does not match. Post-election audits, which compare paper trails with votes recorded on machines, can catch discrepancies.

The nature of computing means that all software has vulnerabilities if you look closely enough, and the software used in polling is no different. But election experts say that post-election audits as well as physical access controls and other layers of defense help reduce the risk of vote rigging through cyberattacks.

The CISA warning notes that most jurisdictions using the machines tested have already adapted the minimization recommended by the agency. A person with knowledge of the matter said that Dominion has provided updates to the machines to address the vulnerability.

CNN has reached out to Dominion for comment.

Separately, the Georgia Secretary of State’s office issued a statement Friday on a review of the state’s election systems conducted by Mater Corp., a federally funded nonprofit. While the METAR report has not been made public, Georgia’s Deputy Secretary of State Gabriel Sterling said in a statement on Friday that the report showed that “current procedural safeguards can actually identify any vulnerabilities for any bad actor.” can.” Not likely to take advantage. ,