Security researchers have found 35 back-end election systems in 10 states that have connected to the Internet at some point during the past year, which puts them at risk of being hacked or manipulated, as reported by first time for Motherboard . The researchers also discovered that electoral systems are behind firewalls that could be badly configured or insecure.
The systems are made by Election Systems & Software, the leading voting machine company in the United States. ES&S told Motherboard that the systems do not connect to the "public Internet," a claim the company had made before the investigation. But several of the sites named by the researchers were disconnected shortly after the findings were revealed, suggesting that the researchers' conclusions are valid.
These are not the first concerns about ES&S security practices: in 2018, the company revealed that it installed remote access software on some voting machines between 2000 and 2006. No report found evidence to suggest that the systems or systems vote counts were manipulated. Still, undisclosed vulnerabilities raise new questions about the security of the United States voting system.
ES&S contradictory statements are particularly worrisome in the period leading up to the 2020 US elections. Many government officials have warned that electoral systems are at risk, but Senate majority leader Mitch McConnell (R- KY), has not voted on any of the proposed bills to improve electoral security.
And, many new voting machines that it sells are not kept up to date with the strict security practices required to combat electoral interference. A recent report by Associated Press found that many completely new electoral systems in Pennsylvania, including those made by ES&S, are running Windows 7, which will no longer receive patches or technical support from next year, at which time Microsoft will require a fee for updates.