Halderman’s hacks were simple yet alarming; he manipulated the results of a hypothetical election, producing as many ballots as desired, and even managed to reboot a machine into “safe mode” by inserting a pen into the voting machine. Once in this mode, he could freely edit files, tweak settings, and install malware, gaining “super-user” access and the potential to alter any aspect of the machine’s operation. “All it takes is five seconds and a Bic pen,” Halderman remarked, evoking a sense of urgency in addressing these vulnerabilities.
Despite the exhibition of these flaws, election officials counter by highlighting the absence of any known hacking incidents in real Georgia elections, asserting that a series of security measures—locks, seals, and poll worker vigilance—safeguard against such interference. State Election Board member Matt Mashburn questioned the practicality of these flaws being exploited, suggesting the difficulties in manipulating multiple machines simultaneously, thus minimizing the perceived danger.
However, Halderman’s findings, which were validated by the U.S. Cybersecurity and Infrastructure Agency (CISA) in June 2022, tell a different story. He indicated that a malicious actor could wreak havoc on an election, creating chaos by changing touchscreen programming, a process that while swift could cast doubt on the legitimacy of ballots, particularly in a significant election. The vulnerabilities unveiled could affect not just one voting machine but potentially have broader implications if someone accessed election management servers.
