Georgia’s voting machines are the worst in the nation!
According to J. Alex Halderman, a computer scientist from University of Michigan, who was tasked with analyzing Georgia’s voting machines for the court case. (Curling v. Raffesperger) Georgia’s voting system is the worst in the nation. Professor Halderman’s 96 page report exposing 7 vulnerabilities in Georgia’s Voting System was just released to the public this summer on June 16, 2023 Overview: All voting systems face cyber security risks. As the National Academies of Sciences & Engineering recently concluded “There is no realistic mechanism to fully secure vote casting and tabulation computer systems from cyber threats” However, not all voting systems are equally vulnerable. But Georgia’s BMD voting system is so insecure that it violates voter’s constitutional rights.
In Professor Halderman’s report, he demonstrates that there are seven vulnerabilities that provide multiple routes by which attackers can install malicious software on Georgia’s BMD.
He explains how such malware can alter voter’s votes while subverting all of the procedural protections practiced by the state, including acceptance testing, hash validation, logic and accuracy testing, external firmware validation, and risk-limiting audits (RLAs).
1. Attackers can alter the QR codes on printed ballots to modify voter’s selections. Critically, voters have no practical way to confirm that the QR code matches their intent.
2. The software update that Georgia installed in October 2020 left Georgia’s BMDs in a state where anyone can install malware with only brief physical access to the machines in the polling places, even by non-technical voters.
3. Attackers can forge or manipulate the smart cards that the ICX uses to authenticate technicians, poll workers, and voters... without needing any secret information, I created a counterfeit technician card that can unlock any ICX in Georgia, allowing anyone with physical access to install malware 4. Halderman demonstrates that attackers can execute arbitrary code with root (supervisory) privileges by altering the election definition file that county workers copy to every BMD before each election. Attackers could exploit this to spread malware to all BMDs across a county or the entire state 5. The ICX contains numerous unnecessary Android applications.... An attacker can alter the BMD’s audit logs simply by opening them in the on-screen Text Editor application 6. An attacker with brief access to a single ICX or a single Poll Worker Card and PIN can obtain the county- wide keys and alter the results of the entire election..
7. The ImageCast Precinct (ICP) scanner stores ballot scans in the order they were cast. A dishonest election worker with just brief access to the scanner’s memory card could violate ballot secrecy and determine how individual voters voted.
Georgia election officials have been aware of the existing vulnerabilities in the states voting software for more than two years but continue to insist that the system is safe and won’t be updated until after the 2024 elections.
Professor Halderman said, “Delaying the security patches unto 2025 is ‘worse than doing nothing.’ since it puts would-be adversaries on notice... giving them 18 months to prepare and deploy attacks.”
Does knowing that Georgia has the worst voting system in the nation bother you as much as it does me? We need to get rid of this entire voting system and go back to paper ballots. Without safe and secure elections, Democracy cannot exist!
Professor M. Thomas Seaman, Richmond Hill