Wired magazine reported in August 2015 on the long overdue decision to decertify AVS WINVote machines in Virginia after it was found that vote data could be modified remotely using the system’s wireless network.
The machines had a whole host of vulnerabilities:
- Physical security easily circumvented
- Windows XP operating system had not been patched since 2005
- Weak WEP wireless encryption key: abcde
- Mobile phones able to connect to the wireless network
- Disabling the wireless setting did not stop the network card from sending and receiving
- Administrative account password was hardcoded: admin
- Microsoft Access vote database had a weak password (“shoup”)
- Microsoft Access vote database was not encrypted
- Authentication was not required to modify the vote database
As computer security and election expert Jeremy Epstein says, “If no Virginia elections were ever hacked (and we have no way of knowing if it happened), it’s because no one with even a modicum of skill tried."