J. Alex Halderman

@jhalderm

13,182
Followers
598
Following
58
Media
625
Statuses

Bredt Family Professor of Computer Science and Engineering, @UMich : Security and privacy, election security, and Internet freedom. Co-founded @LetsEncrypt

Ann Arbor, MI
Joined December 2009
Pinned Tweet
@jhalderm
J. Alex Halderman
11 months
Today, the Federal District Court for the Northern District of Georgia unsealed a 96-page report that I wrote w/ Prof. @_aaspring_ from @AuburnU. It describes serious vulnerabilities we found in Georgia's Dominion ImageCast X ballot marking devices.
1
2K
4K
@jhalderm
J. Alex Halderman
6 years
I teamed up with @NYTimes to demonstrate how U.S. voting machines can be remotely hacked to steal votes. Yes, this is a real machine still used in almost 20 states! States and Congress need to act on #ElectionSecurity before it's too late. via @nytvideo.
158
2K
2K
@jhalderm
J. Alex Halderman
6 years
This is why we need voter-verified paper ballots and manual post-election audits of the paper. That's the only practical, low-cost defense that can detect and correct attacks like we showed.
@jhalderm
J. Alex Halderman
6 years
Just stole an election at @VotingVillageDC. The machine was an AccuVote TSX used in 18 states, some with the same software version. Attackers don't need physical access--we showed how malicious code can spread from the election office when officials program the ballot design.
Tweet media one
32
723
757
34
930
1K
@jhalderm
J. Alex Halderman
11 months
Astonishingly, Georgia Secretary of State Brad Raffensperger, who has been aware of our findings for two years, just announced that the state will not get around to installing Dominion’s security patches until after the 2024 Presidential election. 🤦
1
576
762
@jhalderm
J. Alex Halderman
3 years
1/ There's been lots of speculation about why Antrim County, MI initially reported incorrect results on Wed. The results have since been corrected, but people are naturally wondering what happened. Here's the likely technical explanation and my assessment.
29
248
707
@jhalderm
J. Alex Halderman
11 months
Our findings are a reminder that elections face ongoing risks that call for vigilance from policymakers, technologists, and the public. Officials like Raffensperger should uphold voter confidence by improving security, not denying or ignoring real problems. Voters deserve better.
1
256
616
@jhalderm
J. Alex Halderman
11 months
That's worse than doing nothing. By broadcasting that Georgia is not going to patch, Raffensperger has given would-be adversaries a whole 18 months to develop and execute attacks that exploit the known-vulnerable machines.
1
305
612
@jhalderm
J. Alex Halderman
11 months
I encourage you to read the whole report, and I've also written a blog post that provides important context for understanding the findings and their implications for election security and public policy:
1
319
565
@jhalderm
J. Alex Halderman
11 months
That was wishful thinking when it was written, and it's ridiculous today, because we've learned that Georgia's Dominion software *has already been stolen and distributed* by unauthorized parties, who had repeated access to the voting equipment.
1
302
556
@jhalderm
J. Alex Halderman
11 months
Despite our responsible disclosure efforts, the flaws remain unpatched in GA. Among the most critical issues is an arbitrary-code-execution vulnerability that can spread malware from a county's central election management system to all BMDs in the jurisdiction—and run it as root.
Tweet media one
1
290
523
@jhalderm
J. Alex Halderman
11 months
This makes it possible to attack BMDs at scale, over a wide area, without needing physical access to them. Our report explains how attackers could exploit the flaws to change votes or affect election outcomes, e.g., by changing ballot QR codes, which are what scanners count.
Tweet media one
1
219
439
@jhalderm
J. Alex Halderman
11 months
Update: 20+ leading experts in cybersecurity and elections just wrote to @MITREcorp CEO Jason Providakes urging him to retract MITRE's dangerously mistaken report. Signers include @RonRivest @schneierblog @matthew_d_green @ejsebes @ErrataRob @philipbstark
0
207
421
@jhalderm
J. Alex Halderman
4 years
Can voters detect malicious manipulation of ballot marking devices? To find out, @UMBernhard and our @UMich team had 241 people vote on BMDs we secretly hacked to change every printout. Voters missed >93% of errors! Full study published today at @IEEESP:
34
361
405
@jhalderm
J. Alex Halderman
5 years
The court's ruling recognizes that Georgia's voting machines are so insecure, they're unconstitutional. That's a huge win for election security that will reverberate across other states that have equally vulnerable systems.
@fbajak
Frank Bajak
5 years
A big win for voting integrity advocates: Federal judge orders Georgia to scrap unreliable, hack-prone voting machines after 2019
20
334
830
7
225
399
@jhalderm
J. Alex Halderman
2 years
1/ Colleagues and I have found a serious privacy flaw that affects Dominion ICP and ICE ballot scanners. We've already informed Dominion, CISA, EAC, and state officials, and we've created a site to help officials and the public understand the issue:
35
260
396
@jhalderm
J. Alex Halderman
11 months
But Dominion also hired MITRE to counter our report: MITRE didn't do any security tests, yet it asserts attacks are "operationally infeasible", dangerously contradicting CISA's finding that the problems are "real risks" and should be "mitigated promptly".
1
165
367
@jhalderm
J. Alex Halderman
2 years
Want to know what really happened in Antrim County during the 2020 election? I just posted a peer-reviewed paper based on the investigation I did for the Michigan SOS and AG. It will appear at @USENIXSecurity in August.
Tweet media one
2
191
364
@jhalderm
J. Alex Halderman
11 months
The known breaches in Georgia would be sufficient to uncover and exploit every vulnerability we found—and likely others we missed. Yet MITRE’s risk assessment assumes that Georgia perfectly protects the equipment from illicit access across all of its 159 counties.
1
153
360
@jhalderm
J. Alex Halderman
11 months
We are not aware of any evidence that the vulnerabilities have been exploited to change votes in past elections, but, unless more is done to strengthen security, there is a serious risk that they will be exploited in the future.
1
115
359
@jhalderm
J. Alex Halderman
11 months
MITRE's analysis is wrong, because it fails to account for how elections are operated in the real world. It is entirely predicated on a false assumption: MITRE says it "assumes strict and effective controlled access to Dominion election hardware and software."
Tweet media one
1
126
350
@jhalderm
J. Alex Halderman
3 years
Mr. President, if you're worried about voting machine vulnerabilities, there's a practical solution: Paper ballots and risk-limiting audits let officials *publicly demonstrate* that the outcome hasn't been changed by hacking. All states could have them in time for 2024.
@realDonaldTrump
Donald J. Trump
3 years
13K
43K
146K
23
85
357
@jhalderm
J. Alex Halderman
3 years
11/ In conclusion, it appears that Antrim's problem: * Isn't a sign of anything nefarious. * Was corrected quickly. * Has nothing to do with the version of the Dominion software in use. * Is not a security vulnerability. * Isn't likely to impact results in other jurisdictions.
23
52
309
@jhalderm
J. Alex Halderman
11 months
@CISAgov advised states about these problems last summer through its coordinated vulnerability disclosure process, and Dominion subsequently released a software update, Democracy Suite 5.17, that purportedly addresses at least some of the problems.
1
130
294
@jhalderm
J. Alex Halderman
4 years
1/ In a new research paper today, @MSpecter and I perform the first public, independent analysis of the security and privacy risks of Democracy Live's OmniBallot online voting platform. Full paper: Advice for voters:
Tweet media one
6
186
291
@jhalderm
J. Alex Halderman
4 years
Today, @mspecter, @jimmykoppel, and @djweitzner released a detailed security analysis of Voatz, a blockchain-based Internet voting app that's used in West Virginia and other states. Their findings are devastating. But Voatz has even more problems! 1/
10
237
281
@jhalderm
J. Alex Halderman
3 years
I've seen no credible evidence whatsoever that the 2020 presidential outcome was hacked. Still, if anyone considers an election where millions doubt the result to be a security success, they have too narrow a definition of election security.
57
36
256
@jhalderm
J. Alex Halderman
5 years
I've taught college-level computer security at @UMich for 10 years, and the most important thing we teach our students is how attackers operate. YouTube's new policy will do nothing to stop bad guys, but it will definitely make it harder for the public to learn about security.
@KodyKinzie
Kody
5 years
We made a video about launching fireworks over Wi-Fi for the 4th of July only to find out @YouTube gave us a strike because we teach about hacking, so we can't upload it. YouTube now bans: "Instructional hacking and phishing: Showing users how to bypass secure computer systems"
253
1K
3K
3
116
233
@jhalderm
J. Alex Halderman
3 years
Last time DC tried Internet voting, in 2010, it took my team 48 hours to hack in and change all the votes. There haven't been any breakthroughs that make online voting fundamentally more secure today, and threats elections face are even more dangerous.
19
201
200
@jhalderm
J. Alex Halderman
3 years
10/ When the dust settles, we can investigate further and learn from these events. Defensive software engineering should help prevent such reporting glitches even if operators make a mistake. Still, Antrim responded well, and MI's failsafes worked as designed to ensure integrity.
3
21
190
@jhalderm
J. Alex Halderman
3 years
No, it didn't. Michigan has a paper ballot for every vote, and it will perform a risk-limiting audit to verify the computer count.
@BillyMikeKY
BILLY ANDERSON
3 years
So @jhalderm Did this happen in Michigan for the 2020 election?!
1
3
11
21
38
184
@jhalderm
J. Alex Halderman
3 years
9/ Even if Antrim hadn't caught this problem so quickly, it would have been found and corrected during normal post-election procedures. Every Michigan jurisdiction checks the poll tapes against the reported totals before certifying results.
3
26
171
@jhalderm
J. Alex Halderman
3 years
1/ Georgia just announced it will perform a manual audit of the presidential contest. This is a positive step for confidence and security. The race is so close that the audit will consist of a full manual count, rather than inspection of a random sample of the ballots.
@milesobrien
Miles O'Brien
3 years
Georgia SOS announces state will conduct a hand recount of Presidential race. The human readable text. Not the QR codes. @jennycohn1
7
15
50
12
24
146
@jhalderm
J. Alex Halderman
6 years
Big thanks to @MatteenM from @nytvideo for telling this story, and to @VerifiedVoting for making the hacking demo possible with their Technology Fellowship.
5
62
148
@jhalderm
J. Alex Halderman
3 years
2/ First, see @MichSOS's new statement about the issue: It was human error, isn't a sign of anything malicious, and couldn't impact the official results in any way. But what exactly happened?
1
27
165
@jhalderm
J. Alex Halderman
2 years
It would be a lot easier to address baseless election conspiracy theories if the U.S. better addressed actual election security vulnerabilities...
11
44
167
@jhalderm
J. Alex Halderman
3 years
You're right, we need rigorous national standards for election security, and paper and risk-limiting audits are key components. But there's also a need for a deeper shift in attitude: elections should be designed to generate affirmative, public evidence of their correctness.
@zeynep
zeynep tufekci
3 years
The president spent last month telling people the election was rigged, the votes fraudulent, the count manipulated. The damage is real and we need better safeguards than just repeating there was no evidence of fraud. I wrote about basic & possible reforms.
Tweet media one
20
196
664
18
36
160
@jhalderm
J. Alex Halderman
11 months
@GabrielSterling @MITREcorp @realMikeLindell @MarilynRMarks1 Gabe, the MITRE report is wrong. It assumes "strict and effective controlled access", but your Dominion software has already been stolen. The Coffee County breaches were more than sufficient access for the attacks we discovered. Y'all need to patch.
20
67
156
@jhalderm
J. Alex Halderman
11 months
Finally something that Voatz and serious researchers can agree on!
Tweet media one
@kevincollier
Kevin Collier
11 months
Controversial blockchain voting company Voatz, which has largely fallen out of favor with state election officials, appears to have had their website defaced by a hacktivist who doesn't care for their stance on security research. Keep clicking previous:
3
14
35
18
53
155
@jhalderm
J. Alex Halderman
3 years
@wbm312 @TheFIREorg Video guy flashed his inbox while teaching a class. One of our amazing security TAs, Jensen Hwa, noticed that it shows how the second video was faked. An old trick: he set up university mailing lists with names like "Academic-Misconduct-Committee" and used them as the senders.
Tweet media one
4
17
156
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner @censysio In my view, based on MIT's findings, no responsible jurisdiction should use Voatz in real elections any time soon. It will take major advances in security technology before Internet voting is safe enough. 11/11
14
69
141
@jhalderm
J. Alex Halderman
3 years
6/ Antrim uses @dominionvoting ballot scanners, which store vote totals on memory cards. Think of the data on the card like a spreadsheet, with a number for each choice. But there aren't any labels--it's the election definition that says which row corresponds to which candidate.
6
21
138
@jhalderm
J. Alex Halderman
3 years
8/ Fortunately, the individual scanners counted correctly. Each scanner prints its results on a paper "poll tape" at the end of election night, so Antrim re-entered the data from those printouts to get the correct overall totals.
1
21
140
@jhalderm
J. Alex Halderman
3 years
3/ The problem relates to the "election definition"--configuration files that describe the races and candidates on the ballots across the county. In October, Antrim noticed an error in its election definition: two local races had been omitted in certain precincts.
2
20
132
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner The paper finds that the Voatz API server, if hacked, can change votes entirely. The authors say the app doesn't actually use a blockchain or an E2E-V protocol to secure app-server vote transmission, but essentially just a regular HTTPS connection to . 2/
7
82
127
@jhalderm
J. Alex Halderman
4 years
In a new paper at @ACM_CCS, we explain how we built @LetsEncrypt and how it has impacted the Web: When we started in 2012, the idea sounded crazy. Now, 7 years later, we're the world's largest provider of HTTPS certificates and help secure 180M sites!
Tweet media one
2
58
136
@jhalderm
J. Alex Halderman
3 years
7/ When Antrim loaded the memory cards into its reporting system, the system interpreted them using the revised election definition. The numbers from scanners that used the old definition didn't line up with the right candidates, so the initial combined totals were very wrong.
3
21
129
@jhalderm
J. Alex Halderman
3 years
No, they did not. U.S. election security continues to face real challenges, but this is not one of them.
@realDonaldTrump
Donald J. Trump
3 years
“REPORT: DOMINION DELETED 2.7 MILLION TRUMP VOTES NATIONWIDE. DATA ANALYSIS FINDS 221,000 PENNSYLVANIA VOTES SWITCHED FROM PRESIDENT TRUMP TO BIDEN. 941,000 TRUMP VOTES DELETED. STATES USING DOMINION VOTING SYSTEMS SWITCHED 435,000 VOTES FROM TRUMP TO BIDEN.” @ChanelRion @OANN
136K
117K
443K
44
26
128
@jhalderm
J. Alex Halderman
3 years
4/ They fixed this by recreating the election definition and installing the corrected version on the scanners for affected precincts. However, precincts where the ballot wasn't impacted by the change continued to use the original election definition.
1
19
125
@jhalderm
J. Alex Halderman
4 years
A close election with a protracted count is very dangerous from a security perspective. In addition to disinformation and false accusations of fraud, it creates opportunities for adversaries to commit real fraud by attacking the counting process and the integrity of the ballots.
4
32
127
@jhalderm
J. Alex Halderman
3 years
5/ Because of this, each individual scanner tabulated ballots correctly, but there was a problem when it came time to combine the results from across precincts.
2
18
121
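The Antrim thread above (tweets 3/ through 9/) explains that a memory card holds only unlabeled positional counts, that the election definition supplies the labels, and that the poll-tape comparison before certification is what catches a bad combination. The simulation below is an added example, not the author's code and not Dominion's real file format; the definitions, choice labels and ballots are constructed to reproduce the described glitch and the reconciliation check.

```python
from collections import Counter

# Constructed election definitions (not Dominion's real format). A definition is an
# ordered list of choice labels; position i of a memory card's count list holds the
# count for definition[i]. The revised definition inserts a local race that the
# October correction added, which shifts every later position by two.
OLD_DEFINITION = ["President/A", "President/B", "Senate/A", "Senate/B"]
NEW_DEFINITION = ["President/A", "President/B",
                  "Clerk/A", "Clerk/B",          # race omitted from the original definition
                  "Senate/A", "Senate/B"]


def scan_precinct(ballots, definition):
    """Tabulate one precinct's ballots the way a scanner would.

    Returns (card, poll_tape): `card` is the unlabeled positional list of counts the
    memory card stores; `poll_tape` is the labeled printout produced on election night.
    """
    counts = [0] * len(definition)
    index = {label: i for i, label in enumerate(definition)}
    for ballot in ballots:
        for choice in ballot:
            if choice in index:          # a choice not on this precinct's ballot is ignored
                counts[index[choice]] += 1
    return counts, dict(zip(definition, counts))


def combine_cards(cards, definition):
    """Reporting-system behaviour behind the glitch: apply ONE definition to every card."""
    totals = Counter()
    for card in cards:
        for label, n in zip(definition, card):
            totals[label] += n
    return totals


def combine_cards_by_definition(cards_with_defs):
    """Correct aggregation: interpret each card with the definition its scanner used."""
    totals = Counter()
    for card, definition in cards_with_defs:
        totals.update(combine_cards([card], definition))
    return totals


def reconcile(reported, poll_tapes):
    """Pre-certification check: compare reported totals with the sum of the poll tapes.

    Returns a sorted list of (label, reported, tape_total) for every mismatch; an empty
    list means the reported totals agree with what the scanners printed.
    """
    tape_totals = Counter()
    for tape in poll_tapes:
        tape_totals.update(tape)
    labels = set(reported) | set(tape_totals)
    return sorted((lab, reported.get(lab, 0), tape_totals.get(lab, 0))
                  for lab in labels if reported.get(lab, 0) != tape_totals.get(lab, 0))


# Constructed ballots: precinct 1 kept the original definition (its ballot had no Clerk
# race), precinct 2 was re-programmed with the corrected one. Each ballot is the set of
# choices the voter marked.
PRECINCT_1 = [{"President/A", "Senate/B"}] * 60 + [{"President/B", "Senate/A"}] * 40
PRECINCT_2 = ([{"President/A", "Clerk/A", "Senate/A"}] * 30
              + [{"President/B", "Clerk/B", "Senate/B"}] * 70)


def run_demo():
    """Return (glitched totals, correct totals, mismatches found, mismatches after fix)."""
    card1, tape1 = scan_precinct(PRECINCT_1, OLD_DEFINITION)
    card2, tape2 = scan_precinct(PRECINCT_2, NEW_DEFINITION)
    # The old-definition card has four numbers; read under the new definition, its
    # Senate counts land on the Clerk rows and Senate receives nothing from precinct 1.
    glitched = combine_cards([card1, card2], NEW_DEFINITION)
    correct = combine_cards_by_definition([(card1, OLD_DEFINITION), (card2, NEW_DEFINITION)])
    tapes = [tape1, tape2]
    return glitched, correct, reconcile(glitched, tapes), reconcile(correct, tapes)


if __name__ == "__main__":
    glitched, correct, found, after_fix = run_demo()
    print("reported (glitched):", dict(glitched))
    print("poll-tape re-entry: ", dict(correct))
    print("mismatches:", found, "| after fix:", after_fix)
```

The presidential rows agree in both aggregations because that contest sits before the inserted race; only the shifted rows disagree, which is the pattern the thread describes.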
@jhalderm
J. Alex Halderman
4 years
The best way to adapt elections to #COVID19 is to make broader use of vote-by-mail, which the majority of voters in several states already use. @RonWyden VBM isn't perfect, but the cybersecurity risks are far, far lower than when voting online.
3
43
108
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner @censysio It’s not surprising that the Voatz app has the major security problems MIT found. Election security experts, including me, have been warning for years that Internet voting systems are not safe to use in real elections. 9/
2
50
109
@jhalderm
J. Alex Halderman
4 years
6/ The overwhelming scientific consensus is that online voting cannot be secured with available technology. The National Academies and the Senate Intelligence Committee both urge against using it, even for military voters.
7
50
108
@jhalderm
J. Alex Halderman
6 years
Georgia is getting $10 million in Federal money to improve #ElectionSecurity. It's time for the state to ditch its vulnerable paperless machines and implement paper ballots and risk-limiting audits.
7
80
103
@jhalderm
J. Alex Halderman
6 years
This fall I'm teaching a new course about Election Cybersecurity. @UMich students from all majors are welcome--as are election officials.
Tweet media one
3
34
108
@jhalderm
J. Alex Halderman
4 years
Internet voting is the hydroxychloroquine of elections.
6
29
107
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner @censysio What is shocking from the MIT findings is just how primitive the Voatz app is, under the surface, compared to state-of-the-art E2E-V approaches. I myself certainly assumed from Voatz's messaging that it was doing something more sophisticated than what the researchers report. 10/
2
38
93
@jhalderm
J. Alex Halderman
2 years
2/ We call the flaw DVSorder. It's a privacy vulnerability, so it *cannot* directly modify results or change votes. However, under some circumstances, it could allow members of the public to identify other peoples’ ballots and learn how they voted.
1
42
97
@jhalderm
J. Alex Halderman
5 years
I'm proud to join the 2019 winners of the Andrew #CarnegieFellows awarded by @CarnegieCorp!
Tweet media one
11
7
100
@jhalderm
J. Alex Halderman
6 years
So much fun making this video about #ElectionSecurity with @NYTOpinion. Thanks to @EECSatMI and our fantastic students for taking part! Here's a behind-the-scenes view of the filming, c/o @UMengineering:
3
52
81
@jhalderm
J. Alex Halderman
4 years
...what could go wrong?
4
22
96
@jhalderm
J. Alex Halderman
2 years
3/ Many people don't care if others know how they voted, but the secret ballot is an important security mechanism, and some voters—especially the most vulnerable in society—may face real or perceived threats of coercion unless the privacy of their votes is strongly protected.
4
28
94
@jhalderm
J. Alex Halderman
4 years
1/ Remember Voatz, the “blockchain”-based Internet voting app that doesn’t really use blockchain to send votes? There's an excellent new security analysis by @trailofbits that confirms the issues recently reported by MIT researchers and finds *way* more problems.
@trailofbits
Trail of Bits
4 years
Our Full Report on the Voatz Mobile Voting Platform
1
58
122
3
54
94
@jhalderm
J. Alex Halderman
2 years
Last week @CISAgov privately advised states about vulnerabilities in the Dominion ImageCast X that @_aaspring_ and I discovered (as part of a lawsuit in Georgia that predates the 2020 election). CISA has now made a version of their advisory public:
@_aaspring_
Drew Springall
2 years
1/4 @jhalderm and I investigated the security of the Dominion ImageCast X BMD used in Georgia and our findings aren't pretty. @CISAgov just published an advisory about vulnerabilities we found and I hope the full report we sent them will be available soon.
8
22
35
1
57
84
@jhalderm
J. Alex Halderman
3 years
Merits of the lawsuit aside, Arizona's audit law is insufficient. 2% of vote centers/precincts isn't a large enough sample to confidently rule out fraud when the margin is this close. For 2024, AZ should adopt a true risk-limiting audit. It'd be both less work and much stronger.
@mpolletta
Maria Polletta
3 years
UPDATE: Ruling is up. Judge has decided to toss out Arizona GOP lawsuit requesting new Maricopa County vote audit. A filing outlining his reasoning should be posted shortly.
19
145
538
7
24
81
@jhalderm
J. Alex Halderman
2 years
4/ DVSorder is unusual in that it doesn't require exotic skills or special access to find and exploit, only public information. Fortunately, now that we know about the problem, election officials have time to prevent it from affecting voters in the midterms.
3
20
81
@jhalderm
J. Alex Halderman
2 years
As we wrote, the presence of security weaknesses does not prove that any election has been hacked. But more needs to be done to address those weaknesses, such as making sure all states use paper ballots, marked by hand by those who can, and that results are rigorously audited.
6
27
81
@jhalderm
J. Alex Halderman
3 years
Michigan is planning to conduct a risk-limiting audit. In an RLA, workers publicly inspect enough paper ballots to verify the election outcome, without having to trust potentially vulnerable computers or ballot scanners. This is great news for security and voter confidence.
@JocelynBenson
Jocelyn Benson
3 years
I’m thrilled that we are on track to perform a statewide risk-limiting audit of November’s general election, which we’ve been building towards and planning for over the last 22 months, as well as local procedural audits of individual jurisdictions. (2/9)
6
42
505
7
29
80
@jhalderm
J. Alex Halderman
1 year
Big news from Chrome Security Team! With HTTPS encryption now nearly ubiquitous, they're finally killing off the browser🔒icon, which tends to give users a false sense of security about other threats. A huge milestone for web security. h/t @davidcadrian
3
35
81
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner We can look up that certificate using Censys (@censysio). It turns out Voatz uses the same cert on 7 servers on 3 cloud providers. An attacker who hacked into any of these systems could likely get the private key needed to intercept and change votes. 5/
Tweet media one
3
35
73
@jhalderm
J. Alex Halderman
6 years
So great to see election officials and technologists join forces at @VotingVillageDC and apply their collective experience to strengthening security. When we work together, voter confidence doesn't have to be a matter of faith--we can have evidence-based elections.
4
31
78
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner To protect the connection, Voatz uses certificate pinning. That means the app will only trust a specific HTTPS certificate to authenticate the server. For maximal security, the app should pin to a cert that is used only on a specific well hardened server. 3/
1
21
70
@jhalderm
J. Alex Halderman
6 years
People, this is why Americans still don't have a secure voting system! @eacgov seems more concerned with creating a false sense of security than with actually boosting it. Maybe election cybersecurity should be in the hands of an agency that actually understands it.
8
53
70
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner @censysio The bottom line: It looks like there’s a much greater risk than there should be that a network-based attacker, like a malicious WiFi router or ISP, could access Voatz’s private key, impersonate the Voatz API server, and then intercept and change votes. 8/
1
36
70
@jhalderm
J. Alex Halderman
11 months
Experts' letter to @MITRECorp: “If MITRE genuinely aspires to 'provide objective analysis' about election systems, it will correct the record now and retract its dangerously misleading analysis.”
9
45
76
@jhalderm
J. Alex Halderman
4 years
Congratulations to @UMBernhard and the rest of our @MichiganSystems team for receiving the Best Student Paper Award from IEEE Security and Privacy #sp20! Paper here:
Tweet media one
2
25
77
@jhalderm
J. Alex Halderman
2 years
Congratulations to Dr. Allison McDonald on her successful Ph.D. defense today! @allismcdon's work is already helping to build a safer online world for some of the most vulnerable communities, and we can't wait to see what she does next.
Tweet media one
5
6
77
@jhalderm
J. Alex Halderman
3 years
@wbm312 @TheFIREorg The Canvas hack is also fake. Video guy is a TA for that class. If you look closely, he's just using the "Student View" feature while logged in with instructor privileges.
4
7
74
@jhalderm
J. Alex Halderman
2 years
5/ The problem has to do with ballot-level election data, such as cast-vote records (data with the votes from each ballot) and ballot images (scans of each ballot). Many localities post such data as a form of public transparency, e.g.:
3
21
72
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner However, the server at uses a wildcard certificate for *.nimsim.com. 4/
Tweet media one
1
21
65
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner @censysio How hard would that be? One of the servers, , returns an HTTP header indicating it runs outdated software: "Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips PHP/5.4.16". That PHP version has dozens of CVEs. 6/
Tweet media one
7
22
64
@jhalderm
J. Alex Halderman
2 years
6/ In other jurisdictions, ballot-level data is treated as a public record, and there has been a surge in FOIA requests for it: People have used FOIA requests across the country to assemble data repositories like this:
1
23
70
@jhalderm
J. Alex Halderman
2 years
7/ To protect privacy, ballot-level data is supposed to be randomly shuffled, but the DVSorder flaw makes it possible for anyone to unshuffle data from Dominion ICP and ICE scanners and learn the order the ballots were cast. This can sometimes be used to learn how people voted.
2
16
67
@jhalderm
J. Alex Halderman
5 years
Tomorrow I'm testifying to the House Appropriations Subcommittee on Financial Service & General Government. My message: States urgently need more funding to eliminate vulnerable voting machines and switch to paper ballots, before attackers strike again.
6
24
70
@jhalderm
J. Alex Halderman
3 years
@wbm312 @TheFIREorg Turns out fake "hacking" videos are a thing on TikTok.
3
4
64
@jhalderm
J. Alex Halderman
3 years
Michigan's kicked off its risk-limiting audit of the presidential election. RLAs publicly confirm, without relying on potentially hackable voting equipment, that the outcome matches what's on the paper ballots. They're an essential security check that all states should practice.
@JocelynBenson
Jocelyn Benson
3 years
Today we begin Michigan’s first ever statewide risk limiting audit. The audit, a bipartisan & transparent effort, will hand count randomly selected paper ballots to affirm the accuracy of the results of the November election. You can follow the process @MichSoS beginning at 11ET.
Tweet media one
62
138
996
7
18
68
@jhalderm
J. Alex Halderman
4 years
A personal first: I just voted without leaving my car. Thanks to @A2GOV for providing drop boxes throughout the city, including this drive-up location next to City Hall. #A2votes
Tweet media one
3
6
68
@jhalderm
J. Alex Halderman
3 years
Here's my analysis of what happened in Antrim County, Michigan, during the November election: Full report:
16
29
65
@jhalderm
J. Alex Halderman
3 years
Question @NVElect : It looks like your statute only calls for an audit of votes cast in person. Is there any auditing of mail-in ballots (which are counted by computer scanners)?
@NVElect
Nevada Elections
3 years
Fun fact: Nevada was the first state in the country to require electronic voting machines to include a paper record of every vote cast. This paper vote record is audited against the recorded electronic votes. Any vote switching would be exposed during the audit.
134
896
4K
3
16
58
@jhalderm
J. Alex Halderman
5 years
Read the whole thread. This is *not* how responsible companies respond to serious vulnerabilities in their products.
@rad_atl
Richard DeMillo
5 years
1/I have Dominion's response to Friday's letter from NY Board of Elections. A rare glimpse into anti-security mindset of voting machine vendors. Hacking concerns may delay Westchester's $6.1M plan to buy new voting machines via @lohud READ THIS THREAD
5
79
113
2
37
62
@jhalderm
J. Alex Halderman
2 years
14/ Worse, the scanners essentially all follow the same fixed sequence of 1,000,000 ballot ids. It's only the starting point in this sequence that's randomized from one batch of ballots to the next.
Tweet media one
12
17
62
@jhalderm
J. Alex Halderman
2 years
22/ More from @braden_crimmins :
@braden_crimmins
Braden Crimmins
2 years
Today my @UMich and @AuburnU colleagues are publishing info on a privacy flaw we’ve found in some U.S. voting machine models. The vulnerability, which we’re calling DVSorder, does NOT allow manipulation of votes or election results, but it could reveal how specific people voted.
10
36
98
14
20
63
@jhalderm
J. Alex Halderman
2 years
8/ (a) For example, scanners usually display a count of ballots cast. I can note the count when I vote, and if my wife uses the scanner next, I'll know her ballot number too. If my locality releases vulnerable CVRs or ballot images, I can find her ballot and see how she voted.
Tweet media one
2
14
61
@jhalderm
J. Alex Halderman
2 years
11/ (d) A few localities even record surveillance video in polling places. This image is from a day-long video from Georgia, obtained by others via a public records request. If the locality releases vulnerable ballot images, anyone can link each ballot to footage of who cast it.
Tweet media one
3
16
60
@jhalderm
J. Alex Halderman
2 years
20/ That's why we're making our findings public now, to give election officials time to safely sanitize the data they release from the midterms. Our priority is to prevent this flaw from affecting voters this November, which is ultimately the best way to uphold public trust.
6
17
59
@jhalderm
J. Alex Halderman
4 years
1 *BILLION* certificates! Simply incredible! Huge congratulations to everyone who has been part of making @LetsEncrypt a reality over the past 8 years.
@letsencrypt
Let's Encrypt
4 years
Let's Encrypt has issued *1 BILLION* TLS certificates! 🎉 #WeAreOneBillion
15
288
752
1
9
58
@jhalderm
J. Alex Halderman
4 years
@mspecter @jimmykoppel @djweitzner @censysio SSLLabs gives the same server a C. 7/
Tweet media one
1
17
52
@jhalderm
J. Alex Halderman
5 years
My full written statement and brief opening statement from yesterday's Congressional #ElectionSecurity hearing:
Tweet media one
4
28
54