Following the 2016 presidential election, states like Pennsylvaniaindicated that they would be workingto upgrade their voting machines to allay security concerns. A newreport from theAssociate Pressreveals that while counties across the United States have purchased new equipment, many of machines are running outdated software that could still be vulnerable to hackers.
At the heart of the issue is the operating system that the machines run on — Windows 7. Microsoft released the operating system between 2009 and 2014, and it’ssince been overtaken by Windows 10. The company has scaled back its support for the OS, and will officiallyend support for it next January.
In an analysis of voting machines across all 50 states, theAPsays that it “found multiple battleground states affected by the end of Windows 7 support, including Pennsylvania, Wisconsin, Florida, Iowa, Indiana, Arizona and North Carolina.” Some states, like Georgia and Michigan, are considering new systems that use Windows 7.
Furthermore, theAPsays that two of the three major election equipment vendors — Election Systems and Software LLC, and Hart InterCivic Inc — are supply machines running outdated software: Hart InterCivic’s operating system will reach the end of its mainstream support on October 13th, 2020 (apparently Windows 10 Enterprise 2015 LTSBWindows 10 IoT Enterprise 2015 LTSB), while Election Systems and Software says that it will be offering a new system running on Windows 10. However, it’s unclear if that will be cleared for use and distributed to counties before the 2020 election in November. TheAPsays that a third vendor, Dominion Voting Systems Inc., is unaffected by the issue, but points out that it does have systems that it “acquired from no-longer-existing companies that may run on even older operating systems.”
As states begin to prepare for the 2020 elections and place orders for new systems, state officials in Pennsylvania, Michigan, and Arizona have indicated that they have spoken with vendors about the software on the machines.
Election vendors also have had notable problems with security — Election Systems and Softwaredisclosed that it installed potentially-vulnerable remote access softwareon its machines, while Russians breached the computer systems of another vendor, VR Systems, and were able tobreak into the voting databasesof two Florida counties prior to the 2016 election. To be clear, individual machines are notoriously vulnerable to hackers, but the decentralized nature of the US’s election infrastructure means that it’s hard to change votes en-masse. But, with a close election, foreign agents could potentially mess with election results, or at the very least, undermine confidence in the final results.
Microsoft tells theAPthat it will issue free security updates for Windows 7 through 2023. But, while the company can continue to release patches for its systems, system owners will need to actually install them. In 2017, theWannaCry cyberattack crippled thousands of computersin over 100 countries that were running versions of Windows XP andWindows 7that didn’t have security patches installed. Windows ended up issuing aspecial patch for Windows XP users, and has since released additional patches to fixnew vulnerabilities. But even more than two years later, Microsoft says that more than amillion computers are still vulnerableto security exploits.