"Professor Halderman wrote about his findings in a blog post on Wednesday.
Back in September 2020, the Court granted the Curling Plaintiffs access to one of Georgia’s touchscreen ballot marking devices (BMDs) so that they could assess its security. Drew and I extensively tested the machine, and we discovered vulnerabilities in nearly every part of the system that is exposed to potential attackers. The most critical problem we found is an arbitrary-code-execution vulnerability that can be exploited to spread malware from a county’s central election management system (EMS) to every BMD in the jurisdiction. This makes it possible to attack the BMDs at scale, over a wide area, without needing physical access to any of them.
Our report explains how attackers could exploit the flaws we found to change votes or potentially even affect election outcomes in Georgia, including how they could defeat the technical and procedural protections the state has in place. While we are not aware of any evidence that the vulnerabilities have been exploited to change votes in past elections, without more precautions and mitigations, there is a serious risk that they will be exploited in the future.
After the report’s release, Professor Halderman tweeted that Georgia Secretary of State Brad Raffensperger would not install Dominion’s security patches before the 2024 election.
Now this… on Friday, in a Federal Court In Atlanta, Georgia, J. Alex Halderman was able to HACK A DOMINION VOTING TABULATOR In Front Of U.S. District Judge Amy Totenberg in the courtroom!
Halderman USED ONLY A PEN TO CHANGE VOTE TOTALS!
This is part of a long-running lawsuit by election integrity activists set as a bench trial.
The plaintiffs seek to remove what they say are insecure voting machines in Georgia in favor of secure paper ballots."
