In the lead-up to the upcoming election season, a groundbreaking live hacking event was conducted by HackerOne in partnership with the Information Technology - Information Sharing and Analysis Center (IT-ISAC). Held to ensure the integrity of voting systems, this collaborative initiative brought together multiple stakeholders including three prominent election technology manufacturers and 15 U.S.-based security researchers renowned for their expertise in hardware hacking.

The Event and Its Execution

HackerOne developed this event by leveraging its extensive experience with live hacking events. Over two days, vetted ethical hackers worked closely with election technology providers to identify vulnerabilities within election devices such as digital scanners, ballot marking devices, and electronic pollbooks. This testing provided controlled access to cutting-edge, yet-to-be-implemented software configurations. The event was also supported by discussions and panels that facilitated sharing key findings among participants.

Findings and Impact

Within the 48-hour testing window, the hackers submitted a total of 21 reports that highlighted potential security threats including ballot box stuffing, scanner denial of service, and unauthorized access to workstation interfaces. These findings strengthened the security measures of the participating manufacturers and reinforced the collaborative trust between the involved parties. This initiative backed the ongoing adoption of Vulnerability Disclosure Programs (VDPs), which offer structured avenues for reporting vulnerabilities to election technology developers.

Future Steps

Building on this success, IT-ISAC aims to update existing standards and create a sustainable framework to incorporate VDPs across the industry. Future iterations of these events are poised to invite a wider array of researchers and stakeholders, including state and local election officials, thereby expanding the scope for testing and fortifying more robust election systems. This proactive approach to securing elections underlines the critical importance of preemptively addressing potential security vulnerabilities.

For more details, visit the original source from HackerOne.