This advisory identifies vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot. The ImageCast X can be configured to allow a voter to produce a paper record or to record votes electronically.

While these vulnerabilities present risks that should be mitigated as soon as possible.

Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices.

Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in this advisory, including technical, physical, and operational controls that limit unauthorized access or manipulation of voting systems. Many of these mitigations are already typically standard practice in jurisdictions where these devices are in use and can be enhanced to further guard against exploitation of these vulnerabilities.

The following versions of the Dominion Voting Systems ImageCast X software are known to be affected (other versions were not able to be tested):

- ImageCast X firmware based on Android 5.1, as used in Dominion Democracy Suite Voting System Version 5.5-A
- ImageCast X application Versions 5.5.10.30 and 5.5.10.32, as used in Dominion Democracy Suite Voting System Version 5.5-A

NOTE: After following the vendor’s procedure to upgrade the ImageCast X from Version 5.5.10.30 to 5.5.10.32, or after performing other Android administrative actions, the ImageCast X may be left in a configuration that could allow an attacker who can attach an external input device to escalate privileges and/or install malicious code. Instructions to check for and mitigate this condition are available from Dominion Voting Systems.

Any jurisdictions running ImageCast X are encouraged to contact Dominion Voting Systems to understand the vulnerability status of their specific implementation.

2.2 VULNERABILITY OVERVIEW

CISA recommends election officials continue to take and further enhance defensive measures to reduce the risk of exploitation of these vulnerabilities. Specifically, for each election, election officials should:

- Contact Dominion Voting Systems to determine which software and/or firmware updates need to be applied. Dominion Voting Systems reports to CISA that the above vulnerabilities have been addressed in subsequent software versions.
- Ensure all affected devices are physically protected before, during, and after voting.
- Ensure compliance with chain of custody procedures throughout the election cycle.
- Ensure that ImageCast X and the Election Management System (EMS) are not connected to any external (i.e., Internet accessible) networks.
- Ensure carefully selected protective and detective physical security measures (for example, locks and tamper-evident seals) are implemented on all affected devices, including on connected devices such as printers and connecting cables.
- Close any background application windows on each ImageCast X device.
- Use read-only media to update software or install files onto ImageCast X devices.
- Use separate, unique passcodes for each poll worker card.
- Ensure all ImageCast X devices are subjected to rigorous pre- and post-election testing.
- Disable the “Unify Tabulator Security Keys” feature on the election management system and ensure new cryptographic keys are used for each election.
- As recommended by Dominion Voting Systems, use the supplemental method to validate hashes on applications, audit log exports, and application exports.
- Encourage voters to verify the human-readable votes on printout.
- Conduct rigorous post-election tabulation audits of the human-readable portions of physical ballots and paper records, to include reviewing ballot chain of custody and conducting voter/ballot reconciliation procedures.