The company has also sued former Trump campaign advisor Rudy Giuliani for making similar statements. In January 2021, Dominion filed a $1.3 billion defamation lawsuit against attorney Sidney Powell, citing her repeated allegations that the company changed votes for Trump to votes for Biden. A Georgia judge previously dismissed a lawsuit alleging voter fraud in the 2020 election. Top election officials - including Georgia's Republican secretary of state and governor - repeatedly insisted there was no evidence of breaches or changed election results. But the device can also be utilized as a purely electronic voting machine, without paper ballots.ĭominion voting systems, a manufacturer of voting machines used in 28 states, fell into the spotlight following the 2020 election after supporters of former president Donald Trump claimed without evidence that such machines were used to tamper with ballots or rig results in claims debunked by fact-checkers. The ImageCast X voting machine enables voters to choose their preferred candidates on a touch screen and then print a paper record, similar to what voters did in Georgia during the election of 2020. "An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization." In one flaw identified by CISA, "the authentication mechanism used by voters to activate a voting session on the tested version of ImageCast X is susceptible to forgery," according to the advisory. "Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in this advisory, including technical, physical, and operational controls that limit unauthorized access or manipulation of voting systems." "Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices," the advisory outlines. The advisory also points out that there are a number of barriers to taking advantage of the flaws in the voting machines. If provided a secrecy sleeve, the voter places the printed ballot inside it and deposits only the ballot into the ballot box while retaining the secrecy sleeve. The printed ballot does not include any information which could identify the voter.
Imagecast machines code#
The director noted in her statement that many of CISA's recommended mitigations "are typically standard practice in jurisdictions where these devices are in use" and "are able to detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely if diligently applied, making it very unlikely that a malicious actor could exploit these vulnerabilities to affect an election." The ballot includes both a machine-readable bar code and a human readable text display. The CISA advisory, previously reported by the Washington Post, recommends several mitigation measures for states using the voting machines to detect or prevent exploitation of identified vulnerabilities. The flaws, some of which stem directly from machine design, are fairly technical and would likely require any perpetrator to have direct, physical access to voting devices and/or other equipment polling management equipment. While these vulnerabilities present risks that should be mitigated as soon as possible, CISA has no evidence that these vulnerabilities have been exploited in any elections.CISA has identified nine flaws within certain versions of Dominion Voting Systems ImageCast X software. Many of these mitigations are already typically standard practice in jurisdictions where these devices are in use and can be enhanced to further guard against exploitation of these vulnerabilities. Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in ICSA-22-154A, including technical, physical, and operational controls that limit unauthorized access or manipulation of voting systems. CISA has released an Industrial Controls Systems Advisory (ICSA) detailing vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot.Įxploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices.