Security Analysis of the Dominion ImageCast X Voting Machines

Alex Halderman:

Our report explains how attackers could exploit the flaws we found to change votes or potentially even affect election outcomes in Georgia, including how they could defeat the technical and procedural protections the state has in place. While we are not aware of any evidence that the vulnerabilities have been exploited to change votes in past elections, without more precautions and mitigations, there is a serious risk that they will be exploited in the future.

The report was filed under seal on July 1, 2021 and remained confidential until today, but last year the Court allowed us to share it with CISA—the arm of DHS responsible for election infrastructure—through the agency’s coordinated vulnerability disclosure (CVD) program. CISA released a security advisory in June 2022 confirming the vulnerabilities, and Dominion subsequently created updated software in response to the problems. Georgia Secretary of State Brad Raffensperger has been aware of our findings for nearly two years, but—astonishingly—he recently announced that the state will not install Dominion’s security update until after the 2024 Presidential election, giving would-be adversaries another 18 months to develop and execute attacks that exploit the known-vulnerable machines.

Beyond these implications for election practice, our work is scientifically significant. It is the first study in more than 10 years to comprehensively and independently assess the security of a widely deployed U.S. voting machine, as well as the first-ever comprehensive security review of a widely deployed ballot marking device. Security researchers studied numerous U.S. voting machines 10-20 years ago, and their findings clearly established that voting equipment tends to suffer from security flaws. Yet one might wonder whether election equipment sold today is more secure than equipment produced in decades past. Our findings suggest that the answer is no. This highlights the need for further enhancements to the software engineering, testing, and certification processes for U.S. voting equipment, and it underscores the importance of conducting rigorous post-election audits of every major electoral contest, as recommended by the National Academies.