Election security is currently top of mind for the American public, as we struggle to find technology that enables everyone to cast a vote without putting those votes at risk of manipulation by state actors and hacktivists. At Bishop Fox, we know just how critical this is, not only for this election but also for future elections and for voting technology manufacturers going forward.
On a broader scale, it’s important that security researchers band together to help analyze and responsibly disclose security issues with manufacturers to protect the interests of the public – transparently disclosing those findings and helping to create solutions to fix vulnerabilities.
Recently, our CEO Vincent (we call him “Vinnie”) Liu was asked to stand as a technical expert in a case involving the State of Georgia and digital voting machine security (Curling v. Raffensperger). As a witness, Liu, together with Bishop Fox Labs, tested and validated the security findings and analysis of Dominion ballot-marking devices (BMDs) that will be used as the primary voting mechanism for the State of Georgia (as well as for Pennsylvania, California, and several other states) for the upcoming presidential election.
Despite the security concerns, a federal judge “rejected a last-minute attempt to replace the $104 million system with paper ballots until its problems could be sorted out,” according to the New York Times.
However, given that the security findings presented in the case have a potentially significant impact on future elections and in the interest of transparency, we wanted to share Vinnie’s commentary on the information presented by security researchers and analysts in this case:
“Malicious software implants on BMDs. It is asserted […] that a BMD has an icon that can be pressed at any time during a vote to display a SHA-256 hash-based checksum of the BMD’s software. The checksum can be visually inspected by election officials to ensure that it matches a known-good expected value…. This checksum is intended to present evidence that the BMD is running software that has not been modified by malware.
“The most obvious flaw with this approach to security is that it ignores that malware can circumvent this check. This approach relies on the equipment to perform integrity checks of itself, which is unreliable and counter to well-accepted cybersecurity principles and practices. A BMD infected with malware could easily report the ‘correct’ SHA-256 checksum and there would be no means to verify whether or not the checksum was valid or a malware deception.
“In short, the security feature Dominion is using (checksum) provides only what is considered in the cybersecurity community ‘security theater,’” said Liu, “not meaningful, verifiable integrity validation.”
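The failure mode described in the statement above, as an added example that is not part of the original post and is not Dominion's software: a toy Python model in which the on-screen checksum passes for both an unmodified and a modified device, while a verifier that hashes the stored files itself flags the change. The `Device` class, file names and file contents are constructed for illustration, and the out-of-band check assumes the verifier reads storage with its own trusted tooling.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def image_digest(files: dict) -> str:
    """Hash a software image (path -> bytes) in a fixed, sorted order."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0" + sha256_hex(files[path]).encode() + b"\n")
    return h.hexdigest()

class Device:
    """Toy model: the installed software decides what the screen shows."""
    def __init__(self, files, replayed_value=None):
        self.files = files
        self._replayed_value = replayed_value  # set only for the modified device

    def displayed_checksum(self) -> str:
        # Unmodified software hashes what is installed; modified software
        # can simply display the value the official expects to see.
        return self._replayed_value or image_digest(self.files)

def on_screen_check(device, known_good: str) -> bool:
    """The check the statement describes: trust what the device displays."""
    return device.displayed_checksum() == known_good

def out_of_band_check(storage: dict, manifest: dict) -> list:
    """Verifier hashes the stored files itself (assumed to be read with
    trusted, independent tooling) and returns the paths that differ."""
    changed = [p for p in manifest
               if p not in storage or sha256_hex(storage[p]) != manifest[p]]
    extra = [p for p in storage if p not in manifest]
    return sorted(changed + extra)

# Constructed sample data, not real BMD software.
GOOD = {"app/ballot.bin": b"render ballot v1", "app/print.bin": b"print ballot v1"}
KNOWN_GOOD = image_digest(GOOD)
MANIFEST = {path: sha256_hex(data) for path, data in GOOD.items()}

honest = Device(dict(GOOD))
altered = Device(dict(GOOD, **{"app/print.bin": b"print ballot v1 (altered)"}),
                 replayed_value=KNOWN_GOOD)

if __name__ == "__main__":
    for name, dev in (("honest", honest), ("altered", altered)):
        print(name, on_screen_check(dev, KNOWN_GOOD),
              out_of_band_check(dev.files, MANIFEST))
```

Both devices pass `on_screen_check`, so that check carries no evidence either way; only the measurement taken outside the device's control separates them.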
Vinnie’s statements in the case are available in full to the public and demonstrate Bishop Fox’s dedication to supporting responsibly disclosed security research, working toward the common good, and fully substantiating security claims that could impact the public.
“We believe that every vote counts and the tampering of a single vote can turn the tide of the election,” said Vinnie. “We need to come together in the security community to support the work we’re doing to protect people and their data. Security risks can and do impact every area of our lives and it’s our responsibility to do whatever we can to work alongside manufacturers, technology companies, and government organizations to guard our people against attackers.”