Vulnerabilities Affecting Dominion Voting Systems ImageCast X
Severity score: 7.6
Source: ICS-CERT ICSA-22-154-01
Published: Jun 3, 2022
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in Dominion ImageCast X voting devices (CWE-347, CWE-1283, CWE-912, CWE-424, CWE-24, CWE-250, CWE-290, CWE-266, CWE-346) allow arbitrary code execution. These affect the ImageCast X firmware running on Android 5.1 and the ImageCast X application (versions 5.5.10.30 and 5.5.10.32) used in Dominion Democracy Suite voting systems. Exploitation requires physical access to the device and could allow an attacker to manipulate ballot data, vote tallies, or audit logs. The vulnerabilities span improper cryptographic signature verification, insecure direct object references, insufficient input validation, and improper access controls.
What this means
What could happen
An attacker with physical access to an ImageCast X voting device could execute arbitrary code on the system, potentially manipulating vote tallies, altering ballot records, or disrupting voting operations during elections.
Who's at risk
Election officials and poll workers using Dominion Democracy Suite voting systems, particularly those operating ImageCast X optical scan voting devices in municipal and county election offices. This affects anyone responsible for vote tabulation, ballot scanning, and election integrity in jurisdictions using this voting equipment.
How it could be exploited
An attacker would need physical access to the ImageCast X device to exploit these vulnerabilities. The attack could involve tampering with firmware, installing malicious code, or manipulating the barcode data that the system uses to tabulate votes. Once code execution is achieved, the attacker could alter the ballot records stored on the device or change how ballots are scanned and counted.
Prerequisites
- Physical access to ImageCast X device
- No authentication required to exploit the firmware/application vulnerabilities
Key points
- Physical access required, but affects critical election infrastructure
- Multiple vulnerability types allow code execution
- No patch currently available from vendor
- Affects safety/integrity of voting system
- Could impact vote accuracy and election integrity
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2): both pending a fix
Product | Affected Versions | Fix Status
ImageCast X firmware, as used in Dominion Democracy Suite Voting System | based on Android 5.1 | No fix yet
ImageCast X application, as used in Dominion Democracy Suite Voting System | 5.5.10.30 and 5.5.10.32 | No fix yet
Remediation & Mitigation
Do now
- HARDENING: Ensure all ImageCast X devices and the Election Management System are not connected to any Internet-accessible networks
- HARDENING: Implement physical security measures, including locks and tamper-evident seals, on all ImageCast X devices, printers, and connecting cables
- WORKAROUND: Close all background application windows on each ImageCast X device before use
- HARDENING: Assign separate, unique passcodes for each poll worker card
- HARDENING: Disable the 'Unify Tabulator Security Keys' feature and generate new cryptographic keys for each election
- HARDENING: Enforce chain of custody procedures throughout the election cycle
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Contact Dominion Voting Systems to obtain and apply software and firmware updates from subsequent versions
- HARDENING: Use read-only media when updating software or installing files on ImageCast X devices
- HARDENING: Perform rigorous pre- and post-election testing on all ImageCast X devices
- HARDENING: Use a supplemental validation method to verify hashes on applications, audit log exports, and application exports
- HARDENING: Conduct rigorous post-election audits, including ballot chain of custody verification and voter/ballot reconciliation
- WORKAROUND: Configure ImageCast X to produce ballots without barcodes for tabulation where feasible
CVEs (9)