Top U.S. Voting Machine Company Admits to Backdoors in Products

backdoor

Election Systems and Software (ES&S), the nation’s largest manufacturer of voting machines, has admitted they installed potentially compromising backdoor software on machines sold over a six-year period.

The admission came by way of a letter to Senator Ron Wyden. The software, pcAnywhere, was sold on voting machines between 2000 and 2006. This admission directly contradicts statements made by the company in February, when they insisted that they had never used the remote access software.

PcAnywhere is a program created to ostensibly provide tech support to machines and facilities via off-site technicians, but it is a favorite attack vector for hackers, as it provides remote and complete access to host computers–in this case machines that contain votes. Senator Ron Wyden has referred to the presence of remote access software on voting machines as “…the worst decision for security short of leaving ballot boxes on a Moscow street corner.”

Compounding the seriousness of the matter, the version of pcAnywhere installed by ES&S has a security issue. Specifically, its source code was stolen in 2006. This went undiscovered for the next six years. It’s unknown exactly how many voting machines were deployed with the compromised software, but there was at least one still being used in Pennsylvania as late as 2011.

This news comes on the heels of this week’s indictment of twelve Russian hackers for interfering in the 2016 election, as well as Donald Trump’s acceptance of Russian president Vladimir Putin’s denial of the charges that Russia attempted to affect the results of the 2016 election.

Read more about the story here.