Amidst the controversy surrounding foreign interference in U.S. elections, the nation’s premier voting machine manufacturer has revealed to the federal government that it installed remote-access software in several of its machines.
ES&S, the manufacturer in question, confessed in a letter to a federal lawmaker that remote-access software was reportedly installed in its election-management systems, which were sold over a six-year span.
ES&S sent the letter to Democratic Senator Ron Wyden, which was then accessed by Motherboard. The letter stated that the company “provided pcAnywhere remote connection software … to a small number of customers between 2000 and 2006.”
This statement directly contradicts the company’s previous statements.
A spokesman for ES&S stated during an investigation conducted in February:
“None of the employees, … including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software.”
ES&S has not responded to questions raised by Motherboard, which was seeking to address the contradiction.
During the 2006 election, over half of the ballots from voting Americans were cast through ES&S systems that contained remote-access software. ES&S reportedly stopped including the program in its systems after the Election Assistance Commission changed the standards for voting machines in the U.S. in late 2007.
Systems that contain pcAnywhere are usually “Air-gapped,” connected to the internet or to any internet-connected devices, for security reasons. However, pcAnywhere requires a modem for easier management of the systems, which creates a security gap that is accessible to hackers.
ES&S explained its use of the software:
“In some cases, the Technical Support representative accesses the customer’s system through PCAnywhere—off-the-shelf software which allows immediate access to the customer’s data and network system from a remote location—to gain insight into the issue and offer precise solutions. ES&S technicians can use PCAnywhere to view a client computer, assess the exact situation that caused a software issue and to view data files.”
Software such as PCAnywhere could make it easy for hackers take control of voting machines and subsequently interfere in elections. Hackers managed to steal the system’s source code, which could have helped them to find security flaws and hack into voting machines.
Wyden expressed his discomfort with the situation to Motherboard:
“ES&S needs to stop stonewalling and provide a full, honest accounting of equipment that could be vulnerable to remote attacks. When a corporation that makes half of America’s voting machines refuses to answer the most basic cyber security questions, you have to ask what it is hiding.”
It is also believed that if Russian agencies did interfere in the 2016 election, they could have used a software such as pcAnywhere to access all voting machines.
Featured Image via Flickr/whiteafrican