Final week, College of Michigan professor Dr. J Alex Halderman stood in entrance of a federal choose overseeing the seven-year-long Curling v Raffensperger case in Atlanta, Georgia and shocked the gallery. Halderman was capable of efficiently acquire “super user” entry to the Dominion ICX Poll Marking Gadget (BMD) utilizing nothing greater than a BIC pen.
The Gateway Pundit broke the story after interviewing an area citizen journalist who witnessed the hack firsthand within the courtroom.
Transcripts present that the “pen hack” was simply the tip of the iceberg.
In June 2022, the Cybersecurity Infrastructure and Safety Company (CISA) revealed a report detailing 9 vital vulnerabilities on the Dominion ICX BMDs, primarily based on the then-sealed report ready by Dr. Halderman. The 90-page report has since been unsealed.
For the layperson who doesn’t converse “geek,” the CISA report doesn’t articulate the seriousness of those vulnerabilities and, additional, what they will accomplish as soon as exploited. However maybe most significantly, how simply they are often exploited, typically routinely, even by minimally educated attackers.
The BIC Pen Assault
Initially, final week Dr. Halderman was in a position to make use of the BIC pen to press the ability button on the again facet of the Dominon ICX BMD for about 5 seconds, which rebooted the machine into “Safe Mode”. Dr. Halderman was in a position to do that with out eradicating or breaking any of the security seals which can be put in on the machine to “prevent” tampering.
As soon as the Dominion ICX BMD was booted into “Safe Mode,” Dr. Halderman was capable of launch the Android Launcher, which is a menu of various functions put in on the machine. He famous that the Android 5.1 is severely outdated. Present Android’s run model 14. When requested if Android 5.1 remains to be supported by the producer, Dr. Halderman answered, “it is not.”
Counsel then requested Dr. Halderman what he might do with any such entry, to which he responded. The transcript reads:
“Nicely, right here now we have the file supervisor. That is an utility that may let me on-screen navigate by way of the recordsdata on the machine. You should utilize that to copy or delete recordsdata or to open them up in an on-screen textual content editor and edit and even change the contents of the file on the display.
Right here, now we have the settings icon that lets you change any of the working systemwide settings or to take away or set up software program on the machine.
So by way of the settings functions is a technique that somebody might immediately set up malware utilizing this protected mode vulnerability.”
Dr. Halderman then mentioned an utility referred to as the terminal emulator. He described it as “particularly powerful.” The terminal emulator lets you run a command referred to as SU, or “Super User”. That is used to bypass the working methods safety controls. Dr. Halderman mentioned a pc would usually problem you for a secret password to realize any such Tremendous Consumer entry. However using this BIC pen hack, Dr. Halderman was capable of merely acquire that entry by way of a easy immediate:
“Would I like to allow superuser access, allow or deny.”
Dr. Halderman described what he was capable of accomplish with any such entry:
“Well, gosh, it — superuser access would allow me to — to read, to modify, or to change any of the data or software that is installed on the device.”
He was requested, “Are there any limits to what you could do to a ballot using this access?”
“To the ballot data on the machine? No,” he responded.
“Are there any limits to what you could do to the election software on the BMD with this access?”
“No.”
However this hack wasn’t found by Dr. Halderman. And it wasn’t found just lately. In reality, this vital vulnerability was found by the US Elections Help Fee (EAC) on January 16, 2020, 11 months earlier than the 2020 Presidential Election. In line with Dr. Halderman, it was the primary month that Georgia deployed the Dominion ICX BMDs.
Dr. Halderman beforehand acquired a Dominion ICX BMD for his preliminary testing and subsequent report in August of 2020, nearly eight months after this vulnerability was found by the EAC. It wasn’t remedied then and it doesn’t appear to have been remedied to today, a full 4 years later. The machine Dr. Halderman utilized within the courtroom for the demonstration was offered by Fulton County’s elections division within the configuration used presently in elections.
This was simply certainly one of many vulnerabilities that had been demonstrated in Decide Amy Totenberg’s federal courtroom.
The Good Card Hacks For Simply $30
The Dominion ICX BMD has a number of variations of playing cards which can be used to permit totally different features. Amongst them, technicians have a selected card. Ballot-workers have a selected card. And voters, after they check-in, are given a “one time use” card to vote.
Subsequent, Dr. Halderman demonstrated a vulnerability utilizing a counterfeit poll-worker card. For this ‘hack’, Dr. Halderman bought some good playing cards on-line for about $10 every. There are no restrictions from buying these playing cards on-line, as he famous. He then utilized a USB good card reader for $20 on Amazon and was in a position to make use of that to create a counterfeit poll-worker card for the Dominion ICX BMD.
Dr. Halderman then created a voter card by using his software program and the identical tools talked about above. This voter card differed from those issued at a polling location in that it may be used an infinite variety of occasions and in any location countywide for a similar election. Sometimes, a voter card issued to a voter by a ballot employee is a one-time use card.
The third kind of card that Dr. Halderman was capable of make was extra vital. This card is known as a technician card and it may be utilized to put in malware. Dr. Halderman testified:
“So a technician card is the third kind of Smart card for the ICX BMDs. A technician card is sort of like a master key. It unlocks a technician menu from which service workers at the county or Dominion personnel perform functions like loading the ballot designs before an election or performing software updates.”
He then inserted the technician card into the Dominion ICX BMD and bypassed the pin immediate that appeared. Then a immediate on-screen appeared and mentioned that the menu is unavailable whereas the ballot is open. His counterfeit technician card was capable of bypass that safeguard as nicely.
With this entry, Dr. Halderman was capable of again out of the appliance that runs throughout the election and entry the Android desktop. He then gained Tremendous Consumer entry, as soon as once more, however this time with a easy Good card he created utilizing gadgets bought on-line for about $30 and “without access to any secret information.” This is able to be undetectable as inserting a card into the Dominion ICX BMD is a required operate by the voter once they use the machine.
Counsel then requested him:
“Can automated commands be used to cause the machine to print ballots that do not reflect the voter’s intentions?”
“Yes, they can.”
“Did you need any nonpublic information to make the technician card?”
“Remarkably, no,” he responded.
It will get worse. A lot worse.
Half 2 of this collection to observe.
Throughout the testimony of Dr. Halderman, legal professional David Oles was not permitted to ask any questions of Dr. Halderman. Oles represents co-plaintiff Ricardo Davis of VoterGA.org. Yesterday, The Gateway Pundit reported that Oles was capable of get proffers submitted to the court docket concerning Dr. Halderman and Dr. Philip Stark’s testimonies.
The trial this explosive testimony and stay demonstration originated from is presently underway within the Northern District of Georgia in Decide Amy Totenberg’s court docket.
