- Cardi B says she drugged, robbed men in her past on Instagram Live Monday 8:03 PM
- Twitter thread roasts bathtub tray ads for women Monday 7:21 PM
- Nintendo set to release two new models of the Switch—possibly in 2019 Monday 6:45 PM
- Viral cat video ‘Dear Kitten’ finds new life in TikTok challenge Monday 5:30 PM
- Here’s every show that was announced at the Apple TV+ kickoff Monday 3:53 PM
- ‘Shazam!’ embraces the spectacle and heart of the superhero genre Monday 3:45 PM
- How to mute Twitter’s suggested tweets on your timeline Monday 3:02 PM
- What you need to know about Apple’s new streaming service Monday 2:32 PM
- Text-message fanfiction is taking over Instagram Monday 1:54 PM
- Your Asus computer might have a secret backdoor Monday 1:06 PM
- Trump is already fundraising off the Mueller report—even though no one’s seen it Monday 1:01 PM
- Michael Avenatti charged with trying to extort $20 million from Nike Monday 12:51 PM
- Logan Paul says being a YouTuber is ‘wack’ Monday 12:14 PM
- James Comey posts from a forest in wake of Mueller report Monday 10:35 AM
- These are the only online dating sites worth your time Monday 10:29 AM
Voting machine vendor admits to putting remote access software on U.S. systems
The company, Election Systems and Software, previously denied doing so.
In a note to a federal lawmaker, one of the country’s biggest voting machine makers admitted to a potential major security hole in its devices. The company installed remote connection software on election-management systems for several years in the early 2000s.
Election Systems and Software said that it “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006,” according to Motherboard. The company previously denied doing so when contacted by reporter Kim Zetter and New York Times fact checkers for an investigation published in February.
pcAnywhere allows remote system administrators to maintain and upgrade machines. However, such software poses a security risk: It means these devices are connected to the internet, which leaves them vulnerable to hacking by third-parties, like any IoT connected device. (The Election Integrity Act of 2016 further banned voting machines from connecting to the internet.)
“If an attacker can gain remote access to an election-management system through the modem and take control of it using the pcAnywhere software installed on it, he can introduce malicious code that gets passed to voting machines to disrupt an election or alter results,” Zetter writes for Motherboard.
Election Systems and Software’s products were used for at least 60 percent of U.S. ballots cast in 2006, according to Motherboard. These systems aren’t the ones that voters directly input their votes on, but county election offices use them to program voter machines and calculate results from those machines. Thus, they form a critical part of the modern electoral process.
The company reportedly stopped installing the pcAnywhere software on its election-management machines in December 2007. At that time, a new set of standards for voting systems went into effect which required Election Systems and Software’s machines to be federally tested and certified to contain only election-released programming.
Before this time, Election Systems and Software was not alone: Other election-management device makers also shipped their products with remote-login capabilities.
It’s unclear why Election Systems and Software decided to about-face on its use of remote connection software, but it’s now evident that it was a terrible security decision that could have opened up American elections to exploitation by hackers.
Sen. Ron Wyden (D-Ore.), who spearheaded this inquiry, is still waiting on the company to answer questions he asked back in March. Election Systems and Software was also asked to send a representative to an election security-related meeting last week with the Senate Committee on Rules and Administration. The company did not send anyone to the Senate hearing.
H/T the Daily Beast
Christina Bonnington is a tech reporter who specializes in consumer gadgets, apps, and the trends shaping the technology industry. Her work has also appeared in Gizmodo, Wired, Refinery29, Slate, Bicycling, and Outside Magazine. She is based in the San Francisco Bay Area and has a background in electrical engineering.