After the 2016 presidential election, states like Pennsylvania said they would work on upgrading their voting machines to eliminate security issues. A new report of the Associate Press reveals that while US provinces have purchased new equipment, many of the machines use outdated software that may still be vulnerable to hackers.
The core of the problem is the operating system on which the machines run – Windows 7. Microsoft has released the operating system between 2009 and 2014 and it has since been overtaken by Windows 10. The company has reduced its support for the operating system, and will officially reduce support for end the following January.
In an analysis of voting machines in all 50 states, the AP says it has "found multiple battlefields affected by the end of Windows 7 support, including Pennsylvania, Wisconsin, Florida, Iowa, Indiana, Arizona, and North Carolina." Some states, such as Georgia and Michigan, are considering new systems that use Windows 7.
Furthermore, the AP says two out of three major election equipment vendors – Election Systems and Software LLC, and Hart InterCivic Inc. – are supply machines with outdated software: Hart InterCivic's operating system will reach the end of its regular support on October 13, 2020 (apparently Windows 10 Enterprise 2015 LTSBWindows 10 IoT Enterprise 2015 LTSB), while Election Systems and Software says it will offer a new system running on Windows 10. However, it is unclear whether that will be deleted for use and distributed to provinces before the 2020 elections in November. The AP says a third-party vendor, Dominion Voting Systems Inc., is not affected by the problem, but points out that it does have systems that it "has taken over from non-existent companies that may even run on older operating systems."
While states are preparing for the 2020 elections and placing orders for new systems, state officials in Pennsylvania, Michigan, and Arizona have indicated that they have talked to vendors about the software on the machines.
Election customers also had notable security issues – Election Systems and Software revealed that it installed potentially vulnerable remote access software on its machines, while Russians violated another vendor's computer systems, VR Systems, and were able to agree. in the voting databases of two Florida provinces prior to the 2016 election. To be clear, individual machines are notoriously vulnerable to hackers, but the decentralized nature of the US election infrastructure means it is difficult to change votes massively. But with a good election, foreign agents might mess up the election results, or at least undermine confidence in the final results.
Microsoft tells it AP that it will release free security updates for Windows 7 through 2023. But while the company can continue to release patches for its systems, system owners must actually install them. In 2017, the WannaCry cyber attack caused thousands of computers in more than 100 countries with versions of Windows XP and Windows 7 on which no security patches were installed. Windows eventually released a special patch for Windows XP users and has since issued additional patches to address new vulnerabilities. But even more than two years later, Microsoft says more than a million computers are still vulnerable to security breaches.