Hackers Let Loose on Voting Gear Ahead of US Election Season

Ethical hackers were given voluntary access to digital scanners, ballot markers, and electronic pollbooks, all in the name of making the voting process more resilient to cyber threats.

Dark Reading Staff, Dark Reading

September 22, 2023

1 Min Read
Star shaped confetti for election or 4th of july
Source: Jon Helgason via Alamy Stock Photo

Election machine manufacturers are opening their wares to hackers in an effort to harden voting security ahead of next year's US Presidential Election.

This week's first-ever Election Security Research Forum featured organized pen testing and bug research for digital scanners, ballot marking devices, and electronic pollbooks, with a primary focus on the technology that voters may encounter at a polling site. The forum also enabled security researchers to engage with the vendors of the systems.

Notably, this marked the first time such manufacturers voluntarily offered their systems for third-party review as part of a vulnerability disclosure process, according to the Forum.

"The reality is that security research happens whether the vendors invite it or not, so this shift in relationship and approach takes advantage of the existing dynamics of the Internet in order to make the democratic process more resilient, and more trustworthy," said Casey Ellis, founder and CTO at Bugcrowd, in an emailed statement. "Ultimately, all vendors and every organization associated with the democratic process should be doing this."

The Forum, which is the culmination of five years of planning by the IT-ISAC's Elections Industry Special Interest Group (EI-SIG) is just the first fruit of a program built to work on what is arguably one of the most critical cyber threat surfaces in existence.

"What I enjoyed most was watching the lights come on for both audiences: As hackers in the room understood the complexity and gravity of election systems as a security target, and as the voting service providers got to see and understand the hacker mindset in action," Ellis noted. "This was a pilot event and overall, I feel that it was a 'successful first blind date.'"

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights