The Cybersecurity and Infrastructure Security Agency has issued an advisory saying it found no evidence that vulnerabilities in Dominion in-person voting systems were exploited in any elections, CBS News reported Friday.
According to the advisory, CISA identified nine vulnerabilities in certain versions of Dominion Voting Systems ImageCast X software, including improper verification of cryptographic signatures, authentication bypass by spoofing, incorrect privilege assignment and origin validation error.
The agency said exploitation of these flaws would require physical access to ImageCast X devices, capability to alter files before they are uploaded to such devices or access to the Election Management Systems.
“Over the past week, we've been working with election officials on information regarding vulnerabilities affecting certain versions of Dominion Voting Systems' software,” CISA Director Jen Easterly, a 2022 Wash100 Award winner, said in a statement Friday. "Today, we are releasing this information publicly."
CISA recommends several measures election officials should take to prevent the exploitation of these vulnerabilities.
These include reaching out to Domain Voting Systems to determine which software updates need to be implemented; ensuring all affected devices are physically protected before, during and after voting; closing any background application windows on each ImageCast X device; disabling the “Unify Tabulator Security Keys” feature on the EMS and ensuring new cryptographic keys are used for each election; and conducting rigorous post-election tabulation audits.
“Many of these mitigations, which are typically standard practice in jurisdictions where these devices are in use, are able to detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely if diligently applied, making it very unlikely that a malicious actor could exploit these vulnerabilities to affect an election,” added Easterly.