Electronic voting machines from a leading vendor have software vulnerabilities that could be exploited by hackers if the weaknesses are not addressed promptly, according to a report from a top U.S. cybersecurity agency.

Hardware from Dominion Voting Systems in at least 16 states has nine vulnerabilities that must be addressed to avoid exploitation in future elections, reads a Cybersecurity and Infrastructure Agency report obtained by the Associated Press. To prevent hacking, the agency released a list of recommendations in the middle of a midterm election year that comes on the heels of the "stolen" election claims from the 2020 contest that have been roundly rejected by election officials and the courts.


“When barcodes are used to tabulate votes, they may be subject to attacks exploiting the listed vulnerabilities such that the barcode is inconsistent with the human-readable portion of the paper ballot,” the advisory says.

To prevent hacking, election officials should conduct rigorous pre- and post-election testing on the machines, conduct post-election audits, ensure machines are always secure, and encourage voters to double-check that their ballots are readable before scanning, according to the report. These measures must be implemented before each election, the advisory states.

The advisory, which is expected to be released Friday, comes amid a long-standing lawsuit in Georgia, which seeks to get the state to ditch electronic voting machines for hand-marked paper ballots. MyPillow CEO Mike Lindell, who has been sued by Dominion for defamation, hopes to get his hands on an unredacted copy of a report detailing alleged vulnerabilities in Dominion equipment, which he claims was hacked during the 2020 election.

J. Alex Halderman, a computer science professor at the University of Michigan, authored that report, detailing alleged vulnerabilities in Dominion equipment. “There are systemic problems with the way election equipment is developed, tested, and certified, and I think it’s more likely than not that serious problems would be found in equipment from other vendors if they were subjected to the same kind of testing,” Halderman told the Associated Press.

Halderman, who conducted a similar election machine analysis in Michigan after the 2020 election, was granted access to Dominion voting equipment in Fulton County and produced a 25,000-word report. He found that malicious software could be installed in voting touchscreens to alter QR codes printed on ballots that are then scanned to record votes, or a hacker could wreak havoc by gaining access to election management system computers, according to court records reported by the Atlanta Journal-Constitution.

Dominion previously told CISA officials the vulnerabilities found in the report have been dealt with in more recent software updates. However, officials say it’s not clear whether all states have addressed all the concerns. Affected machines are used in at least 16 states, mostly for voters who are physically unable to fill out paper ballots by hand. But in some states, such as Georgia, almost all in-person voting machines are affected.


While Halderman may have found vulnerabilities in the election technology, he has not said if there is evidence they were actually exploited to create widespread fraud as Lindell has been claiming since the 2020 election.

"We have no evidence that these vulnerabilities have been exploited and no evidence that they have affected any election results," Brandon Wales, the CISA's executive director, told the Washington Examiner. “We are working closely with election officials to help them address these vulnerabilities and ensure the continued security and resilience of U.S. election infrastructure. Of note, states’ standard election security procedures would detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely. This makes it very unlikely that these vulnerabilities could affect an election."