Recommendation denied due to USB port vulnerability.

When a phone was attached to the USB port on the ICX BMD (ballot-marking device) Dominion machine, the machine read files on the phone and did not "complain". I take "complain" to mean that the machine did not show an alert, error, or stop any functionality when it was scanning files from the phone. Sometimes the machine "complained" when a USB drive was inserted, but sometimes it did not.

This BMD prints ballots, but does not tabulate them. These ballots are printed with a QR code that is then scanned in the tabulator to count the vote, as well as a human-readable list that can be double-checked by the voter. HYPOTHETICALLY, I propose that the QR code could say something different than the human-readable list. The Texas report states that the QR code could be double checked by someone scanning it and reading the results, but how many people would do that? Also, a QR code is not only limited to printing out a list, but it can pass on a command to a computer, so who the hell knows that the tabulator that reads the QR code will eventually do.

Read the report for yourself: https://www.sos.texas.gov/elections/forms/sysexam/oct2019-sneeringer.pdf

picture of the USB port is included