Election Systems & Software had pre-installed Remote-access software on popular voting machinesJuly 04, 2018

There has been no evidence or traces of the recent hacking on the 2016 presidential election, carried out by the Moscow hackers of accessing any of the 350,000 electronic voting machines and changing the number of votes from remote

Americans claim that all the voting machines were air-gapped to physically secure the system by isolating them from the unsecured systems. However, that is proven wrong as the Election Systems & Software which is known to be the largest manufacturer of voting machines, had pre-installed the voting machines with remote-access software.

"The American public has been repeatedly assured that voting machines are not connected to the internet, and thus, cannot be remotely compromised by hackers," Wyden, a senior member of the Senate Intelligence Committee, wrote in the letter to Election Systems & Software.

"The default installation or subsequent use of remote-access software on sensitive election systems runs contrary to cybersecurity best practices and needlessly exposes our election infrastructure to cyberattacks."

Wyden interrogated Election Systems & Software officials last year about the cyber security practices of the company, however, he had no convincing answers to his questions.

A spokesman for the senator’s office claimed that “ES&S did not answer Wyden’s questions about whether the company follows basic cybersecurity best practices.”

Wyden addresses the concerns raised in the New York Times Magazine report:

• Have the devices sold by the ES&S had pre-installed remote-access software
• Have the technical-support expert of the ES&S recommend clients to install remote access software on the voting machines or even the other election systems that did not deploy the remote access software on it already.

ES&S denied any knowledge of the installed remote access software:

"Election Systems and Software certifies our voting systems to the Voluntary Voting System Standards (VVSG) adopted by the Election Assistance Commission (EAC). The EAC VVSG does not allow for voting systems to be tested or approved with any form of remote-access software. In fact, an election-management system that is approved and tested to the EAC standard is required to be hardened. The term hardened in this case means that the server is locked down from any use other than that which has been approved under the standard and that it cannot contain any software application, including remote access software, which is not part of the certified end to end configuration. ES&S always adheres to these guidelines and, as such, does not sell or distribute products with remote access software installed."

There are other areas of system vulnerability, even when the remote access software is not installed

Most of the counties have devices with modems connected to it to send results to their central election office. However, the election commission claims that the transactions are safe as the information is sent through phone connection and not through the internet. Technically, in reality, most of the modems are cellular and deploys radio signals to communicate data to routers and cell towers which are a part of the internet. Considering the latter, it is completely possible to stop and alter the data being transmitted.

"The incorrect assertion that voting machines or voting systems can’t be hacked by remote attackers because they are ‘not connected to the internet’ is not just wrong, it’s damaging,” Susan Greenhalgh who is a spokeswoman for the National Election Defense Coalition told the New York Times Magazine.

It's a myth that probes users to instill false security preventing the lawmakers and corresponding officials from immediately demanding that all the voting systems deploy the use of paper ballots following a strict election audit.