Halderman Report: Dominion Machines Can Be Defeated During Certification Testing and Can Spread Malware Throughout a County
Last week, Judge Amy Totenberg unsealed a long-anticipated report by Michigan University’s Professor J. Alex Halderman. According to a tweet summarizing his findings, Prof. Halderman claimed that not only did they find “critical issues”, such as an arbitrary-code-execution vulnerability, but that these flaws remain unpatched. And will not be patched until after the 2024 Presidential Election, despite CISA releasing a security advisory and Dominion, in response, creating an update to the software. Georgia Secretary of State Brad Raffensperger has been aware of the issues for two years now, and with 18 months to go until 2024’s election, he will not update the machines to help secure these vulnerabilities.
Prof. Halderman states in his blog based on the report that “the most critical problem we found is an arbitrary-code-execution vulnerability that can be exploited to spread malware from a county’s central election management system (EMS) to every BMD in the jurisdiction.