Skip to Content
Security & privacy

A flaw in voting machines has been known about for 11 years, yet still hasn’t been fixed

We would all like to think our country’s voting system is a model of efficiency, and that our votes are always counted accurately. Whether you submit your choices via a paper ballot with lines marked across them or holes punched, or even electronically, there is a measure of trust involved in the process.

But what if we could no longer have faith that everything would be tallied accurately and fairly? Would that change how we view the entire process?

Probably, and as stories of potential election meddling and hacking have circulated, you’d think the government would do all it can to prevent any kind of problems.

Except that’s apparently not the case

No, instead, it turns out that a disturbing security flaw exists. Worse, it has been known about for 11 years with still nothing being done to correct it.

The issue impacts the M650 high-speed ballot scanner, which is made by Election Systems & Software and is used in 23 states across the nation. The disturbing findings were summarized by security researchers at the DEF CON hacking convention in Las Vegas.

The machines can be hacked with an infected removable Zip drive that could transmit malware. The machines also have a built-in network port that can also be used to transmit an infection.

According to the researchers, the M650 counts paper ballots for entire counties, meaning if hacked, they could easily impact an election. Knowing that, it certainly makes you wonder why nothing has been done about the flaw, which was first discovered and reported way back in 2007.

The report did not list the 23 states under scrutiny, but the M650 machine was used during the 2016 national elections in various counties in Arizona, Arkansas, California, Colorado, the District of Columbia, Florida, Idaho, Illinois, Indiana, Kansas, Minnesota, Missouri, Montana, Nebraska, New Jersey, North Carolina, North Dakota, Ohio, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Washington, West Virginia and Wyoming.

It’s not just the M650 that’s worrisome

In a lot of ways, this specific machine — which scans paper ballots at a rate of more than 300 per minute — is a symbol for what is now an outdated voting infrastructure. For a variety of reasons, technology used to count votes has not kept pace with that of those who may look to affect them.

It would help if the people who could fix the flaw understood that there was one. Election Systems & Software, which makes the M650, believes its security protections are strong enough so that hacking them would be very difficult, especially in a real-world environment.

The Associated Press asked Election Systems & Software about why the Zip drive vulnerability has not been corrected, especially as it has been known about for more than a decade. They received no response, though as of now the M650 is not listed on their website to be sold.

But even if it’s not, this kind of problem likely isn’t going away. You might remember another story that came out of DEF CON, in which it was revealed a voting machine used in 18 different states was susceptible to infiltration without the need of special tools or even any kind of specific knowledge.

The authors of the report are urging Congress to step in now and make elections more secure. This summer, bipartisan legislation to fund cybersecurity for election systems was killed.

Voters, meanwhile, will find themselves stuck until somebody does something. Touch-screen voting machines have been shown to be vulnerable before, and now the machines that count paper ballots look hackable, too.

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out