WSJ [paywall]- The flaw in Election Systems & Software’s Model 650 high-speed ballot-counting machine was detailed in 2007

“Election machines used in more than half of U.S. states carry a flaw disclosed more than a decade ago that makes them vulnerable to a cyberattack, according to a report to be delivered Thursday on Capitol Hill. The issue was found in the widely used Model 650 high-speed ballot-counting machine made by Election Systems & Software LLC, the nation’s leading manufacturer of election equipment. It is one of about seven security problems in several models of voting equipment described in the report, which is based on research conducted last month at the Def Con hacker conference. The flaw in the ES&S machine stood out because it was detailed in a security report commissioned by Ohio’s secretary of state in 2007, said Harri Hursti, an election-security researcher who co-wrote both the Ohio and Def Con reports. “There has been more than plenty of time to fix it,” he said. While the Model 650 is still being sold on the ES&S website, a company spokeswoman said it stopped manufacturing the systems in 2008. The machine doesn’t have the advanced security features of more-modern systems, but ES&S believes “the security protections on the M650 are strong enough to make it extraordinarily difficult to hack in a real world environment,” the spokeswoman said via email. The machines process paper ballots and can therefore be reliably audited, she said. The Def Con report is the latest warning from researchers, academics and government officials who say election systems in the U.S. are at risk to tampering. Earlier this month, the National Academies of Sciences, Engineering, and Medicine recommended U.S. states move away from voting machines that don’t include paper ballots. And senior intelligence officials have described Russian efforts to interfere in the 2018 midterm elections as deep, real and ongoing…”

• See also the U.S. Election Assistance Commission: “This report details the findings of one part of the Ohio Secretary of State’s EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing initiative. The goal of this review was to assess the security of electronic voting systems used in Ohio, and to identify any procedures that may eliminate or mitigate discovered issues. The review teams were provided the source-code (computer instructions), software, and election equipment for the majority of systems used in Ohio. During the 9 week review, security researchers at three institutions studied the software and systems and identified and confirmed security issues. The evaluated systems included those designed and developed by Election Systems and Software (ES&S), Hart InterCivic (Hart) and Premier Election Solutions (Premier, formerly Diebold).”
• Note: “Maryland’s new voting system is a voter-verifiable paper based solution leased from Election Systems and Software (ES&S).”
• See also – Voting methods and equipment by state and Voting Equipment in the United States.