Skip to Content
MIT Technology Review
Sign in
Computing

Worrying new holes have been uncovered in US electoral cyberdefenses

November 2, 2018

With voting in the 2018 midterm elections under way, a new analysis has revealed a security flaw hackers could exploit to corrupt voter registrations and election results.
 
The news: A study by ProPublica found that computer servers in two states, Kentucky and Wisconsin, were running software that could be compromised by a cyberattack. Kentucky’s system deals with online voter registration, while Wisconsin’s handles results reporting. The two states told ProPublica that voter registration data hasn’t been tampered with, and that they have robust cyberdefenses to prevent intrusions. Still, Wisconsin took its server offline after ProPublica contacted it.
 
The security flaw: The servers were using File Transfer Protocol (FTP), which is a 40-year-old set of software rules that dictate how networked computers transfer data files. FTP, which sometimes allows files to be transferred anonymously and without encryption, is notoriously insecure. A hacker could take advantage of its weaknesses to compromise a server and then use it to introduce malware or cause it to malfunction.
 
How it was found: ProPublica used internet protocol addresses for states’ election bodies to see if the servers associated with them had on-ramps to the internet, known as “ports,” that were publicly accessible. Open ports can be used to determine some of the software a server is using.

The bigger picture: As we’ve been reporting, the US electoral system still has plenty of tempting targets for hackers, in spite of efforts to bolster security since the 2016 presidential race. Electronic voting machines are especially vulnerable. Yet in spite of this, we’re still seeing evidence of concerning glitches. In Texas, a technical issue with electronic machines has sometimes caused votes being cast in the hotly contested senate race to be switched accidentally between candidates.

This isn’t the result of a hack—election officials have blamed voters for tapping too fast on screens. But the fact that such a basic issue with the hardware hadn’t been identified and corrected in the run-up to the election is still deeply disturbing.

Deep Dive

Computing

What’s next for the world’s fastest supercomputers

Scientists have begun running experiments on Frontier, the world’s first official exascale machine, while facilities worldwide build other machines to join the ranks.

The future of open source is still very much in flux

Free and open software have transformed the tech industry. But we still have a lot to work out to make them healthy, equitable enterprises.

The beautiful complexity of the US radio spectrum

The United States Frequency Allocation Chart shows how the nation’s precious radio frequencies are carefully shared.

How ubiquitous keyboard software puts hundreds of millions of Chinese users at risk

Third-party keyboard apps make typing in Chinese more efficient, but they can also be a privacy nightmare.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.