Unauthorized System Access Reported
December 22, 2022
Threat Level: LOW
An unauthorized party was able to demonstrate that they can communicate with the Meridia voting system when within a short range of our RF receiver by using advanced computer equipment, malicious software and computer chip sets from our clickers.
We are planning a security patch to mitigate the specific vulnerability demonstrated in the next 30 to 60 days.
Is My System Safe?
Your system is an offline, short-range electronic voting system, which is 100% protected from online and distance attacks.
Can My Voting System Protect Itself Against Local Attacks?
Your system is locked, but even if a malicious attacker finds a way into your meeting, and is able to penetrate our system’s security, you can still protect the integrity of your voting data by using the Visual Vote Confirmation feature within the TownVOTE software.
Visual Vote Confirmation allows any town that is concerned about malicious activity to protect their data by visually approving each vote.
Follow this link to learn more about this extra security feature.
What Can I Do To Protect My System?
To ensure your voting system is protected:
- Secure your dedicated voting computer
- Monitor the connection to your base receiver
- Block off the area where the voting equipment is located
- Ensure security of keypad registration, distribution, and collection
- Control access (entry) to your voting area
- Use a voting software with Visual Vote Confirmation
- Watch out for suspicious devices in and around your voting area
- Beware of individuals who may be trying to influence the vote
Did This Incident Expose New Vulnerabilities?
All systems can be penetrated with enough time, skill, and energy. This particular attack was demonstrated from an office environment or RF lab of some kind.
The attacker obtained Meridia voting equipment and used that equipment to talk to our system. Meridia’s system is designed to communicate with its own technology or equipment with the same components that are programed to mimic our technology.
If a Hacker Breaks Into My System, What Can They Do?
If a hacker is able to penetrate your voting area and operate their malicious RF technology in the range of your receiver, they can attempt to jam the RF signal, send voting data, or submit a command to put the keypads into a battery saving sleep mode (this happens automatically after a set period of inactivity).
They will NOT:
- have access to your voting software
- have access to your computer that is running the system
- have access to the data that is stored on the computer
- have access to your the RF receiver itself
What Is My Risk?
The risk that an attacker will penetrate your voting area with equipment and software powerful enough to disrupt the voting process is extremely low.
In over 50 years of being in the business, there hasn’t been a single occurrence of a malicious hacking attempt on record. As your Town Meting is a municipal voting event surrounded by law enforcement, the penalties for an infraction would be severe and immediate.
If you have any concerns about the validity of the data collected by our voting system simply turn on Visual Vote Confirmation and allow the people and not the technology to confirm each vote.