Comments (3)
SicSemperTyrannosaur 6 points ago +6 / -0

These voting machines are closed Black Box Unknowns. No sane inspector would sign off on them.

Imagine some of these Dem States didn't have a neutral inspection process to speak of.

pseudosapient 2 points ago +2 / -0

These voting machines are closed Black Box Unknowns.

As someone in the embedded software world, that's an understatement.

pseudosapient 2 points ago +2 / -0

Mildly hyperbolic - they denied twice in 2019 and once in 2012.

Let's see...

Dominion Voting Systems Assure 1.3

The initial attempt at accumulating all of the votes cast showed an error in that the optical accumulator software and firmware did not include all of the votes cast using the optical scanner.

Dominion took the position that the law only requires that there be a log, and does not say how it should be provided or that it be conveniently available.

Texas rules require that there be no access to the operating system (in this case Windows) during tabulation. Although GEMS enforces this, it is implemented using features of Microsoft Windows, and can be turned off by anyone with Windows administrative rights, provided GEMS has not been started.

GEMS permanently lost the log entries for all the events that occurred while the printer was offline, and the fact that the printer was offline and then powered off was itself not logged.

A method was discovered to subvert the printed audit log on the GEMS system, initially preventing audit events from being printed and then erasing all record of them.

The version of the system currently deployed in Texas has security certificates that expire in June 2013 and January 2014, making those systems non-functional after those dates. The remedy proposed is to ignore dates on certificates

oof. ...And AFAICT they just did blackbox testing, mainly taking the vendor's word on the software internals.

Dominion Voting Systems Democracy Suite 5.5

A distinguishing feature is the pervasive use of commercial off-the-shelf components, or COTS components in the industry parlance. COTS components are standard hardware or software products, as opposed to custom-made components.

the D-Suite voting terminals are commercially available Android tablets

Similarly, the PCs, networking gear, hard drives, printers, and some scanners are COTS.

aaaaaahhhhhhh

6. Election definitions were created on a different version of the software. To facilitate testing, Dominion created in advance the election definition we used during the exam, as requested by the Secretary of State. However, they did so using an older, uncertified version of D-Suite. In my opinion, this does not introduce a significant risk, but it shows a disturbing lack of care by Dominion.

although the agenda provided to the vendor indicated that the majority of the first day of the examination would involve the installation of the software and firmware for the equipment from a trusted build of the software provided by the EAC, the vendor arrived with all firmware and software already installed on all of the equipment. The vendor was instructed to remove all software before the examination could begin, so that the examiners could verify that the version of the software being examined was the same version that had been previously certified by the EAC.

I'm noticing a trend here.

While data file contents are protected by encryption and signing, the network communication channel itself is not encrypted.

yep, classic padlock on a screendoor...

The aValue 21” Tablet has a set of doors to cover data and power ports. The doors are secured with a hasp fastener using a zip-tie seal. Even with the seal fully tightened in place, the door could be opened wide enough to access the data ports (see Illustration 2). With a caliper type tool a person could easily extract or insert USB or network devices. This is a serious security flaw.

...not helping...

If a USB device was added while the tablet was powered down, no warnings appeared at startup and the poll worker could open the polls unaware of any change

thisisfine.

Android 4.4 OS

I wonder if there are any ADP exploits for 4.4...

Dominion Voting Systems Democracy Suite 5.5-A

The ethernet port is active on the ICX BMD during an election.

sigh...

The EMS software will run without the hardening script being applied.

However, when a second USB drive was inserted into the ICX BMD, it was not logged. It was explained that the second drive would not be read by the software and therefore was not a risk of infecting the machine.

Tell that to USB descriptor parsing exploits...

  1. USB Port Vulnerability. The ICX ballot-marking device has an indicator light on top to show poll workers when the station is in use. That light is connected by a USB port. When Brian Mechler’s phone was attached to the USB port, the ICX scanned the files on his phone and did not complain

AAAAHHHH

The firmware is installed using a 1 character pin code along with a physical technician key, and the pin code cannot be changed.

The ICP also allows for the installation of firmware from prior versions of Democracy Suite which are not certified for use in Texas.

I know of hard drives with better security than that...
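
The audit-log findings quoted in the comment above (events lost while the printer was offline, then all record of them erased) are the failure a tamper-evident log is meant to expose. The following is an added example, not part of the original comment and not code from any vendor or examiner: a minimal HMAC-chained log in Python, where the key, the event strings and the function names are all constructed for illustration, and the key and latest head value are assumed to be stored outside the log itself.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor for the first record


def _mac(key: bytes, seq: int, event: str, prev: str) -> str:
    body = json.dumps([seq, event, prev]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, event: str) -> str:
    """Append an event; return the new head MAC, to be stored outside the log."""
    prev = log[-1]["mac"] if log else GENESIS
    seq = len(log)
    rec = {"seq": seq, "event": event, "prev": prev, "mac": _mac(key, seq, event, prev)}
    log.append(rec)
    return rec["mac"]


def verify(log: list, key: bytes, expected_head: str) -> list:
    """Return a list of problems; an empty list means the log is intact."""
    problems, prev = [], GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i:
            problems.append(f"record {i}: sequence gap (found seq {rec['seq']})")
        if rec["prev"] != prev:
            problems.append(f"record {i}: chain broken")
        expected = _mac(key, rec["seq"], rec["event"], rec["prev"])
        if not hmac.compare_digest(rec["mac"], expected):
            problems.append(f"record {i}: MAC mismatch")
        prev = rec["mac"]
    if prev != expected_head:
        problems.append("head mismatch: tail records missing or replaced")
    return problems


def demo():
    key = b"constructed-demo-key"  # assumption: held outside the log store
    log, head = [], GENESIS
    events = ["printer offline", "printer powered off", "tabulation started", "printer online"]
    for ev in events:  # constructed sample events
        head = append(log, key, ev)
    intact = verify(log, key, head)
    erased = verify(log[:1] + log[3:], key, head)  # middle events removed
    truncated = verify(log[:2], key, head)         # tail events removed
    return intact, erased, truncated


if __name__ == "__main__":
    print(demo())
```

Removing records from the middle breaks the sequence and the chain; removing them from the end is only caught because the expected head is kept somewhere the log editor cannot rewrite.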