Microsoft’s Windows CE Is Still Running on Some U.S. Voting Systems

Reports suggest that some US voting machines are still running a 2003 version of Windows, which is open to several kinds of attacks.

Accuvote DRE Machine Wikimedia

In November 1996, Bill Gates announced the CE operating system at the COMDEX expo. It was quickly updated, and since then we've seen eight versions of the OS.

However, according to a VICE reporter the old versions aren't dead quite yet. AccuVote machines in Utah, Alaska, and Georgia are still running a 2003 version of

Security Concerns

University of Michigan computer science professor J. Alex Halderman says the practice is “painting a bullseye” on the election system. Halderman was able to develop vote-stealing that could be installed by practically anyone.

Furthermore, Halderman says an attacker could “create malicious code that spreads automatically and silently from machine to machine during normal election activities.”

This isn't the only example, either. Last week, Symantec released results from a simulated election it ran during a Black Hat conference in August. Several flaws were found in a voting machine bought in an auction. According to experts, touchscreen DRE systems are easy to exploit by someone with basic hacking skills.

Voter Cards

Symantec says the easiest way to commit voting fraud is via voter cards.

“Anyone who knows how to program a chip card and purchases a simple $15 Raspberry Pi-like device, could secretly reactivate their voter card while inside the of a voting booth,” said Brian Varner, a expert at the company.

Varner was also able to program the card to vote multiple times. “In both approaches, that attacker is stuffing the digital ballot box and casting doubt in the validity of the results from that polling station,” he said.

However, the scariest applications are not in the voter card, but in the machine itself. Princeton University professor Andrew W. Appel was able to compromise the ‘Advantage' model of DRE machines.

Via basic programming skills, Appel was able to install a fraudulent vote counting program that could control the computer inside the machine.

“The I built wasn't rocket science — any competent computer programmer could write the same code. Once it's installed, it could steal elections for years to come,” said Appel.

As a precautionary measure, DRE machines produce a paper record of each vote officials can examine them in the case of a recount. Unfortunately, over a dozen states are yet to fully implement the practice.

The evidence gives credence to Trump's outlandish claims of widespread voter fraud, and he could have a genuine case in the event of a close result.