Are U.S. Election Systems Secure?
Non-Partisan Report on Vulnerabilities in U.S. Election Systems
Executive Summary
Reach of Systems and Software Vulnerabilities
Election Systems & Software, Inc. (ES&S) controls at least 60% of U.S. voting infrastructure across 40 states per their own statements. The Express Vote (EVS) 6.3.0.0 software certified for use in at least 9 states during the 2024 election contains undisclosed security deficiencies identified in Texas (2020-2021) that would allow USB devices with mismatched software to bypass detection and inject malware. A closely-related version, EVS 6.3.0.1, was found in 2023 to contain 430 confirmed security vulnerabilities enabling vote manipulation with sufficient knowledge and access. Given the minimal differences between versions, these same vulnerabilities may still exist in EVS 6.3.0.0 but have not been disclosed or addressed publicly.
Election System Connectivity
Approximately 14,000 to 33,000 voting machines with cellular modems and 35 backend election systems connected to the internet have been identified in use across 11 states (2020). ES&S confirmed remote-access software on election systems in at least 300 jurisdictions in 2020, while the “Regional Results” software module in EVS 6.3.0.0, identified in Texas software (2024), transmits election data via WAN/VPN access. These findings and capabilities contradict official statements that voting systems are disconnected from the internet and protected from outside interference.
Threats of Compromise
Two major pathways exist to compromise voting systems and alter vote counts without detection in past and present election infrastructure. Remote attacks could target any of the identified 14,000 to 33,000+ internet-connected tabulators with cellular modems, exploit remote-access software installed across 300+ jurisdictions, and compromise the documented 35 back-end election management systems connected to the internet across 11 states. Supply chain attacks could inject malware through USB devices via supply chain compromise or compromised election management systems, exploiting known software vulnerabilities in ES&S systems deployed across 40 states. Foreign state actors, domestic adversaries, and insiders could exploit either pathway to alter vote counts without detection and impact systems controlling at least 60% of U.S. voting infrastructure.
Introduction
Public statements by prominent figures have recently brought renewed attention to election infrastructure security. These statements include references to satellite technology with respect to voting system knowledge, and real-time data access during the 2024 election period.
While such statements alone do not constitute evidence of security breaches, they highlight the importance of examining whether current safeguards adequately protect elections against technically sophisticated threats such as remote exploits or more physical compromises that rely on supply chain attacks. While these discussions have occurred in a politically charged environment, the underlying technical issues are non-partisan and profoundly impact the integrity of democratic processes regardless of election outcomes.
This technical brief is designed to inform the general public on the reality of our election infrastructure’s security, or vulnerability thereof, and focuses exclusively on documented technical vulnerabilities, confirmed by government agencies, independent testing laboratories, investigative reporting, and peer-reviewed research. The goal is not to contest any particular election result, but to identify systemic weaknesses that should be addressed to strengthen public confidence in future elections.
Internet Connectivity Concerns
Election officials and cybersecurity agencies have consistently stated that voting systems are not connected to the internet during vote tabulation, making interference impossible.
Documented Reality:
• 14,000 to 33,000+ ES&S scanners with cellular modems found online, even though use of cellular transmitting of election results is not certified by the Election Assistance Commission (EAC) (VICE/Motherboard, 2019)
• 35 backend election management systems connected online across 11 states (NBC News, 2020)
• ES&S acknowledged the existence of remote-access software installed on their election systems in at least 300 election jurisdictions (Politico, 2020)
A report by Brian Mechler, Technical Examiner for Texas, confirms their EVS 6.3.0.0 systems, a system certified across 9+ states, includes a software “Regional Results” module that allows transmission of results data over a virtual private network (VPN) (Texas, 2023).
Conclusion: While some states have documented policies prohibiting cellular modems in voting equipment, it is confirmed that ~14,000 to 33,000 DS200 precinct tabulators with active cellular modems were in use, and that this transmission capability was never certified by the EAC. Separately, 35 backend election management systems; the software used to program voting machines and consolidate voting results, were found connected to the internet across 11 states, representing a distinct and more consequential attack surface than precinct-level connectivity alone. The addition of a “Regional Results” software module capability for common election systems brings up further concerns of exposure through internet wide-area-network (WAN) connection if such is being utilized to transmit data.
If foreign or domestic entities had sufficient knowledge of cellular modem specifications, or could target and compromise internet accessible precinct or election management systems, the possibility of unauthorized remote access, introduction of malware, and manipulation of votes is a real possibility.
Malware Vector By Media Devices
Even air-gapped voting systems require physical media, such as flash cards and USB drives for ballot formatting, software updates and precinct voting data transfer. This creates a potential vector for malware introduction, as demonstrated by the Stuxnet attack on Iran’s nuclear facilities in 2007 (Stuxnet, 2013).
Stuxnet was a U.S. and Israeli-developed cyberweapon that destroyed approximately 1,000 Iranian nuclear centrifuges by spreading through what’s assumed to have been USB drives into an air-gapped facility, manipulating the machines while displaying normal readings to operators (Washington Post, 2012; CSO Online). It is the most cited real-world proof that air-gapped systems remain vulnerable when physical media crosses the security boundary.
The Texas USB Incident (2020-2021)
Approximately 40 days before the 2020 general election, the Election Assistance Commission quietly opened an investigation into ES&S voting system issues in Texas (WhoWhatWhy, 2021).
This investigation found that USB devices with software that did not match certified software could have left voting systems in up to 19 states vulnerable to the installation of malicious or otherwise unapproved software. Documents also suggest that ES&S may have initially misled election officials about the scale and scope of this issue.
Texas examiner Brian Mechler discovered that ES&S’s own hash verification process, the primary mechanism for confirming software integrity on voting systems, contained a critical bug within EVS 6.1.1.0, 6.0.3.0, and 6.0.2.0 systems. When the trusted reference hash file was missing entirely the script still reported a successful match leaving the system vulnerable to an “insider threat” where a knowledgeable bad actor could exploit this failure (CVINY, 2021).
ES&S’s own customer guidance trained jurisdictions to ignore hash mismatches, causing Texas election officials to raise concerns that ‘if there is a mis-match and customers are being told to ignore it, there is nothing to be flagged’ which may allow opportunity for exploitation (Brian Mechler Email to Tom Watson, September 3-4, 2020).
Election security expert Susan Greenhalgh summarized the cumulative effect: “Because of the fatal flaws in ES&S’s hash verification script… ES&S hash verification has little to no meaning” (Zero Day, 2021).
Confirmed Core Software Vulnerabilities
ES&S EVS 6.3.0.1 Code Vulnerabilities
In 2023, New York State’s testing laboratory (NYSTEC) examined ES&S EVS 6.3.0.1 with a subcontractor, Cyber Castellum, to verify the code review performed by SLI Compliance, one of only two organizations that the EAC has authorized to certify voting systems in the United States. That verification identified 430 software vulnerabilities in the EVS 6.3.0.1 source code (NY NYSTEC Report, 2023).
SLI classified the “Exploit Potential” of these 430 vulnerabilities as requiring “Extensive knowledge of the system or a Vendor Insider”, and the software remained certified for use with no further patches or actions needed.
Identified Vulnerabilities:
• Memory modification - Changes to the memory stored in the machines
• Privilege escalation - Changes to who has privileges to alter software
• Audit log removal - Deletion of records of machine audits
• Vote manipulation and storage alteration - Individual votes being added, switched, or removed
Page 2, Section 2.1:
“Several issues were found … during their review of the source code. However, it remains that the risk associated with these issues is being mitigated through controls present on the devices where the code is installed. As a best practice in software development, code should not rely on external environmental controls for security, therefore, NYSTEC recommends that ES&S remediate these issues in their code, along with the list of issues they agreed to address, in a future build.”
Current research into software version documents have not confirmed any remedy of these vulnerabilities in current or future software versions.
Critical Finding: Version 6.3.0.0 of the EVS software has been certified for use in over 9 states, such as Texas, Ohio, and Pennsylvania. The NYSTEC report never specifies what changed between 6.3.0.0 and 6.3.0.1 and the changes are not immediately public. It is assumed that the changes were minimal from the core version and vulnerabilities may be persistent across versions.
ES&S EVS 6.3.0.0 and EVS 6.0.2.0/6.0.3.0 Vulnerability to Malware
Hash verification flaws in EVS 6.0.2.0 and EVS 6.0.3.0 were identified in Texas in 2020 across up to 19 states, affecting potentially tens of thousands of ExpressVote machines. These vulnerabilities remained unresolved and similar hash verification failures later appeared in EVS 6.3.0.0, certified across 9+ states and used in the 2024 election. (WhoWhatWhy, “Election Assistance Commission Investigated ES&S Voting Systems,” March 8, 2021; EAC Voting Equipment - EVS 6.0 Systems).
How the Vulnerability Persisted
Prior USB Vulnerability (2020): The Election Assistance Commission investigated ES&S’s uncertified USB stick installation method in EVS 6.1.1.0, 6.0.3.0 and EVS 6.0.2.0, which potentially left voting systems vulnerable to malicious software. About 40 days before the 2020 election, the investigation expanded across 19 states, but findings were never reported publicly until after the election (WhoWhatWhy, “Election Assistance Commission Investigated ES&S Voting Systems,” March 8, 2021).
EAC provided technical instructions for verifying USB installations in response to this issue, but the EAC did not require states to follow them or set clear guidelines for implementation.
Training Election Officials to Ignore Errors (2020): ES&S provided guidance to customers instructing them that if there is a discrepancy in a hash, they should ignore hash mismatches, effectively undermining the verification process. As examiner Brian Mechler noted: “if customers are being told to ignore it, there is nothing to be flagged” (Brian Mechler Email, September 3-4, 2020).
Incomplete Certification (May, 2023): Texas examiners later discovered they certified EVS 6.3.0.0 (June, 2023) without receiving complete hash validation documentation from ES&S. Critical security procedures were never provided to examiners or the Secretary of State’s office.
(January 2024): When questioned about the missing documentation, ES&S submitted ECO-1167 but labeled changes as “Texas specific” to prevent other states using the system from discovering the vulnerabilities mentioned in the Engineering Change Order.
Texas Examiners Brandon T. Hurley and Chuck Pinney Expose Critical Flaws (February 1, 2024): Texas examiners and Election Assistance Commission representatives conducted a full examination and discovered of EVS 6.3.0.0:
The verification software used is plain text and could be rewritten by bad actors
The system can self-verify, allowing malware to generate false passing scores
Five files are exempt from verification mismatch, creating blind spots
No Security Fixes Implemented (April 9, 2024): ES&S removed “Texas specific” language from ECO-1167 but implemented no significant security improvements. Only documentation was updated, not the underlying vulnerable code.
Texas Examiner Brandon T. Hurley’s Warnings Ignored (May 13, 2024): Lead examiner Brandon T. Hurley explicitly warned that the plain-text verification script must be converted to binary or obfuscate the code to prevent tampering. He noted the validation process “needs improvement in these areas.” (Texas ECO-1167 Examiner Report, May 13, 2024). These critical recommendations were never required or enforced.
Version 6.3.0.0 was confirmed to be in use within Pennsylvania’s Allegheny and Cambria Counties during the 2024 election (PA Certification Report, 2023). These counties are highlighted in the Election Truth Alliance’s lawsuit that flags abnormal voting behavior across Pennsylvania, and documented system and procedure failures in Cambria County during the 2024 election (PRN ETA 2025).
Conclusion: If 430 code vulnerabilities exist in minimally modified EVS 6.3.0.1 software, then the same vulnerabilities may exist in the core version, EVS 6.3.0.0, which has been certified for use across at least nine states, and is confirmed as used during the 2024 election.
The certifying lab’s own classification confirms these vulnerabilities are exploitable by anyone with insider access or extensive system knowledge; enabling modification of vote counts, memory, audit logs, and system privileges.
Software hashing failures identified in Texas for EVS 6.3.0.0 and earlier versions would allow exploitation of any source code vulnerabilities through USB or media devices with malware present. If the core software for the EVS 6.3.X.X version has exploitable vulnerabilities, and failures in identifying software changes, this could allow current and future exploitation by domestic or foreign actors with sufficient resources and access.
The most impactful vector for exploiting the identified software vulnerabilities would be a supply chain attack within state voting infrastructure, allowing a compromise of media devices that are used to interact with voting systems as displayed in Texas 2020 with mismatching USB device software.
Certifications As Security Theater
Federal and state officials have consistently cited EAC certification and machine testing as the primary safeguard confirming that voting systems are secure, accurate, and free from tampering before deployment.
Documented Reality: The certification framework that voters and officials rely upon has multiple structural gaps and is not updated to deal with today’s growing cyber threats. In addition, the Logic and Accuracy Testing (LAT) counties conduct are not designed to defeat advanced cybersecurity attacks.
The Security Standard Is 21 Years Old
EVS 6.3.0.0, the ES&S voting system certified across 9+ states and used in the 2024 general election, was tested and certified against the Voluntary Voting System Guidelines Version 1.0 (VVSG 1.0), adopted in 2005 (Idaho Secretary of State, Certified Voting Systems; EAC Certification ESSEVS6300).
VVSG 1.0 does not require air-gapped systems, does not prohibit wireless connections, does not require multi-factor authentication, does not mandate supply chain risk management, and does not require adversarial security testing. The systems counting votes in 2024 were certified to a standard that the federal government itself acknowledged was obsolete, and the first ES&S system submitted for testing under the updated standard was not submitted until December 2025 (EAC, 2025).
VVSG 2.0 was adopted in 2021 with updated cybersecurity requirements but allows wireless hardware to remain in the voting system, so long as it is disabled. As of the 2024 election, no voting system had been certified to the new standard (Bipartisan Policy Center, 2025).
State Examination Reports:
EVS 6.3.0.1 - New York State Testing Report - State tested (430 vulnerabilities identified)
EVS 6.3.0.2 - California Voting Systems Report - State certified to VVSG 1.0 (2005)
Texas Examination Reports:
Texas ECO-1167 Examiner Reports - EVS 6.3.0.0 hash verification failures documentation
EVS 6.3.0.0 Exam Report - State certified to VVSG 1.0 (2005) - ⚠️ Hash verification failures (unresolved 4+ years)
EVS 6.1.1.0 / 6.0.3.0 / 6.0.2.0 Hash Verification Issues - Uncertified USB stick installation method (2020, up to 19 states affected)
U.S. Senators formally warned in 2019: “The fact that VVSG 2.0 remains a work in progress is not an excuse for the fact that our voting equipment has not kept pace both with technological innovation and mounting cyber threats.” (CyberScoop, 2019)
Only Two Private Labs Certify All U.S. Voting Systems
Every voting system used in the United States is certified by one of only two private companies: SLI Compliance (Colorado) and Pro V&V (Alabama) (Bipartisan Policy Center, 2024). These are the only EAC-accredited Voting System Test Laboratories (VSTLs) in the country. No other organizations are authorized to certify voting systems for federal use.
This creates a single point of failure in the certification pipeline: if either lab’s testing methodology is inadequate and they classify vulnerabilities as acceptable there is no competing independent check. The 430 vulnerabilities found in ES&S EVS 6.3.0.1 were reviewed and classified as acceptable by SLI Compliance, one of these two labs.
Certification Cannot Be Revoked for Security Failures
Once a system is EAC-certified, decertification requires a formal vote of EAC Commissioners and can only occur when a system no longer complies with established standards (EAC VVSG Lifecycle Policy). There is no mechanism for automatic decertification when post-certification security vulnerabilities are discovered. This means counties may be running versions as old as EVS 5.2.0.0, certified in 2015, on 11-year-old security standards, alongside counties running the newer versions.
Defeating Logic and Accuracy Testing (LAT)
Voting systems are tested prior to use in U.S. elections. For example in Kentucky an Accuracy Board established by each county oversees LAT of voting systems prior to elections. These tests are not sufficient to catch malware with timed activation windows.
What the Testing Does and Does NOT Do
What it does:
Confirms the machine correctly reads and counts marked ballots during the test only
Confirms the machine rejects over-votes
Confirms vote totals match a predetermined expected result
Confirms the firmware version is on the certified list
Creates a paper trail of serial numbers and seal numbers
What it does NOT do:
Verifies that the software installed on the machine is cryptographically identical to the EAC-certified version (key vulnerabilities in self-check software as mentioned above)
Detects malware installed on the machine prior to testing
Tests the machine against cybersecurity attacks during voting
The Kentucky accuracy test is a functional accuracy check that confirms the machine counts correctly when given known ballots. It is not a security audit. A machine with malware installed that is programmed to count accurately during testing but behave differently during an actual election would pass this test without triggering any failure.
The EAC’s own research notes: “No prior work has developed a procedure that is guaranteed to detect important classes of possible attacks before an election takes place.” (arxiv.org/pdf/2308.02306)
The Volkswagen Parallel
The 2015 Volkswagen emissions scandal demonstrates how audit procedures can be defeated when software detects testing conditions (Environmental Protection Agency). Software within Volkswagen vehicles was defeating emission tests while outputting 40x the legal limit of emissions when in use outside of a testing environment.
Volkswagen Designed Software That:
• Detected when vehicles were being emissions-tested
• During testing: operated in low-emissions mode, passed all audits
• During normal operation: output up to 40 times legal emissions limits
• Only discovered through independent testing under real-world conditions due to mismatching emissions data
Voting System Parallel: Similarly designed software or advanced malware could potentially:
• Count accurately during pre-election testing (processing test ballots)
• Execute only during actual vote counting after a threshold of counted votes is exceeded
• Allow the altering of stored counted votes during a timed window such as election day
• Modify all logs and outputs from the system, including digital ballot images
• Return to normal operation during post-election audits (small random samples)
Conclusion: The certification and testing framework presented to the public as confirmation that voting systems are secure is governed by a 21-year-old standard that does not require air-gapped systems, prohibit wireless connections or take into account complex targeting of election infrastructure such as supply chain attacks.
Current pre-election Logic and Accuracy Testing may not be sufficient to detect malware, verify installed software, and cannot defeat malware designed to count accurately during testing while behaving differently during a live election.
The entire U.S. voting system certification pipeline relies on two private companies, SLI Compliance and Pro V&V, who are hired and paid directly by the vendors whose systems they certify. The 430 confirmed vulnerabilities in ES&S EVS 6.3.0.1 voting software was classified as an acceptable risk for example.
Overall the security standards for U.S. voting systems are insufficient to combat insider threats within certification companies or election system companies, along with supply chain attacks that would allow exploitation of insecure voting software through malware.
Required Next Steps
This briefing is not a call to distrust elections. It is a call to verify them with the same rigor applied to any critical infrastructure whose failure would have consequences for every American.
What Needs To Be Done:
Independent security audits of all voting systems using EVS 6.3.0.0, conducted by parties with no financial ties to ES&S or its certifying labs, with results published publicly
Full public disclosure of the technical records distinguishing EVS 6.3.0.0 from EVS 6.3.0.1, so independent researchers can confirm whether the 430 vulnerabilities exist in the core software
Mandatory fixes for all confirmed vulnerabilities before these systems are used in another election
Retirement of the 2005 security standard, no voting system that cannot meet VVSG 2.0 should be used in a federal election, with the addition of removing cellular models from election systems, not just disabling them
Paper ballot audits in jurisdictions with documented system failures, using the physical paper record to independently verify software-reported results
Full hand-count or large-sample audits as a standard post-election procedure, as small random samples cannot detect targeted manipulation and should not be treated as sufficient verification
An independent certification body to replace private labs who are paid by the vendors to certify systems, creating a conflict of interest
Election security belongs to every American. The documentation, the paper ballots, and the path to verification all exist. What is needed is the political will to require it and a public informed enough to demand it.
DISCLAIMER
This briefing presents technical review of election infrastructure security. It does not allege that any specific election outcome was altered, nor does it advocate for any political party or candidate. The findings are intended to inform non-partisan efforts to strengthen election security for all future elections.
Wait, wait, wait… were ES&S scanners with cellular modems used in all seven swing states… plus Texas?
Yep till Elon infiltrated and have his orange boss an election 2x over