Cylance® Proves Voting Machine Vulnerabilities

IRVINE, CALIFORNIA, November 2, 2016 – Cylance® Inc, a leading cybersecurity company, today announced the successful exploitation of critical vulnerabilities in a common model of voting machine. The exploitation of these vulnerabilities was previously thought to only be theoretical in nature prior to this revelation by Cylance researchers. The compromise techniques are relatively simple to undertake, but do require physical access to the voting machine.

To help understand the risk to election integrity, Cylance produced a demonstration video of the techniques used to compromise the Sequoia AVC Edge Mk1 voting machine. The video shows how they were able to reflash the firmware with a PCMCIA card, directly manipulate the voting tallies in memory, and cause a vote for one candidate to be credited to another by altering elements of the device’s screen display.

Additionally, the video demonstrates how tallies can be manipulated on both the Public Counter and the Protective Counter, which was designed to act as a redundant verification system to ensure results are valid. Similar methods of exploitation have been proposed on a theoretical basis by other researchers such as those in 2007 with the paper “Source Code Review of the Sequoia Voting System”, and then later discussed in the Politico article “How to Hack an Election in 7 Minutes”, but Cylance is the first to successfully demonstrate any exploitation in the real world.

Additional information on the vulnerabilities and the exploit cannot be released publicly for election integrity reasons, but Cylance has provided details of the techniques to both Sequoia and government authorities, as well as providing suggestions for mitigation. Cylance recommends increased supervision/monitoring of physical access to electronic voting machines, especially as it pertains to any interfaces or ports except for the Voter Activation Card slot (typically on the front); Frequent verification of hardware or software errors, such as those displayed on operator screens (e.g. the LCD on the back of a Sequoia; Monitoring and verification of tamper-proof and/or tamper-evident seals (typically used to prevent or at least indicate tampering) surrounding the devices, ports, latches, etc.

For mitigation in the long term, Cylance recommends phasing out and replacing deprecated, insecure machines (namely those without robust, hardware-based firmware and data verification mechanisms). Also, additional due diligence of polling place volunteers/workers/officers may help mitigate possible collusion for tampering by these groups.

The units in question are known to be in use in numerous polling locations across the country. According to the VerifiedVoting.org website, the DRE-Touchscreen system manufactured by Sequoia will be used by 8,170,477 registered voters in 22,368 precincts. The discovery of the exploitation this week combined with the simplicity in which it was discovered (3-4 days) and the real potential for an adversary to compromise the voting machine’s integrity, compelled us to announce the research findings in advance of the 2016 elections. Our intent is to encourage mitigation of the vulnerabilities prior to Election Day.

“We believe that both the public and the appropriate regulatory agencies needed to be made aware of these issues immediately so that appropriate measures could be taken to better secure these voting machines,” said Cylance CEO and President Stuart McClure. “We also hope that the information we provided to the manufacturer will assist them in developing better devices moving forward so that we can ensure a secure election process.”

McClure is available to offer commentary on this issue.