Skip to main content
WeLoveTrump.com may receive compensation from affiliate partners for some links on the site. Read our full Disclosure here.

CISA Report Indicates 9 Potential Security Vulnerabilities Found in Dominion Voting Machines


799 views

With all the activity leading into the weekend, there was a significant report that was released on Friday that has flown under the radar. Whether that’s because no one noticed or because the main stream media doesn’t want any attention drawn to it, the report brings a lot of clarity in regards to what many suspected regarding the Dominion voting machines.

As most of America knows by now, Dominion machines were the units of choice for many states across the US during the 2020 election.

These machines were often at the center of instances where Republicans and the Trump campaign were contesting the voting results. From lost flash drives to suitcases, what happened in 2020 bordered on the level of insanity.

If you think CISA sounds familiar, it should. When questions about voting irregularities came out, especially in regards to Dominion voting machines, it was CISA that came to their defense.

In fact they contributed heavily to the “most secure election in history” narratives that the Left used to bully anyone who would dare question them.

Well, it seems that by their own report released on Friday, there are many that are calling their initial statements about election integrity into question. Becker News breaks down the whole thing for us.

Check it out.

A highly anticipated report issued Friday by the Cybersecurity and Infrastructure Agency, also known as CISA, is providing official documentation of the major security flaws posed by Dominion Voting Systems Machines. It comes nearly two years after the 2020 presidential election, which the agency had called the “most secure election in history.”

Better late than ever I suppose. Of course possibly due to the litigious nature of Dominion and other folks that would come after the pencil pushers at CISA, they prefaced this by saying that there is not definitive proof that these vulnerabilities were ever exploited. Becker News calls this out.

While the CISA report states that it has “no evidence that these vulnerabilities have been exploited in any elections,” it nonetheless highlights at least nine concrete, alarming security vulnerabilities. The CISA report was issued based on the analysis of J. Alex Halderman of the University of Michigan, and Drew Springall of Auburn University.

In fact when you read the entire report, it brings flashbacks of the Muller report that gave a list of a thousand reasons why Hillary Clinton was guilty regarding the hard drive scandal but then at the very end was like, “yeah, but none of this proves anything”. CISA covering themselves here feels very similar.

The report also lists the different versions that these vulnerabilities were tied to. Turns out, a lot of them.

The CISA report cites the following versions were affected.

The following versions of the Dominion Voting Systems ImageCast X software are known to be affected (other versions were not able to be tested):

  • ImageCast X firmware based on Android 5.1, as used in Dominion Democracy Suite Voting System Version 5.5-A
  • ImageCast X application Versions 5.5.10.30 and 5.5.10.32, as used in Dominion Democracy Suite Voting System Version 5.5-A
    • NOTE: After following the vendor’s procedure to upgrade the ImageCast X from Version 5.5.10.30 to 5.5.10.32, or after performing other Android administrative actions, the ImageCast X may be left in a configuration that could allow an attacker who can attach an external input device to escalate privileges and/or install malicious code. Instructions to check for and mitigate this condition are available from Dominion Voting Systems.

What is infuriating about all this is that anyone without an agenda and with an ounce of common sense had a suspicion that things were not entirely right during the 2020 elections. Too many coincidences, too many unexplained unlawful behaviors to simply explain away. Yet, we were all told we were being ignorant peasants that just didn’t understand how these new-fangled computers and voting machines really worked.

Well, based on this report, it seems neither did CISA.

Becker News points out:

The security vulnerabilities justify the concerns of election observers who pointed out that admin rights could be used to override security features and that the system could potentially be hijacked due to “spoofing.”

It took two years for CISA to finally come out and tell us what most of us already knew. According to their report, it wasn’t just one or two vulnerabilities. It was NINE.

They weren’t just minor vulnerabilities. Some of them could have been used to disastrous effect. I mean, look for yourself.

From the CISA Report:

2.2 VULNERABILITY OVERVIEW

NOTE: Mitigations to reduce the risk of exploitation of these vulnerabilities can be found in Section 3 of this document.

2.2.1    IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347

The tested version of ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.

49) { ?>

CVE-2022-1739 has been assigned to this vulnerability.

2.2.2    MUTABLE ATTESTATION OR MEASUREMENT REPORTING DATA CWE-1283

The tested version of ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device.

CVE-2022-1740 has been assigned to this vulnerability.

2.2.3    HIDDEN FUNCTIONALITY CWE-912

The tested version of ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.

CVE-2022-1741 has been assigned to this vulnerability.

2.2.4    IMPROPER PROTECTION OF ALTERNATE PATH CWE-424

The tested version of ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.

CVE-2022-1742 has been assigned to this vulnerability.

2.2.5    PATH TRAVERSAL: ‘../FILEDIR’ CWE-24

The tested version of ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS.

9) { ?>

CVE-2022-1743 has been assigned to this vulnerability.

2.2.6    EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

Applications on the tested version of ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.

CVE-2022-1744 has been assigned to this vulnerability.

2.2.7    AUTHENTICATION BYPASS BY SPOOFING CWE-290

The authentication mechanism used by technicians on the tested version of ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions.

CVE-2022-1745 has been assigned to this vulnerability.

2.2.8    INCORRECT PRIVILEGE ASSIGNMENT CWE-266

The authentication mechanism used by poll workers to administer voting using the tested version of ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.

CVE-2022-1746 has been assigned to this vulnerability.

2.2.9    ORIGIN VALIDATION ERROR CWE-346

The authentication mechanism used by voters to activate a voting session on the tested version of ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization.

CVE-2022-1747 has been assigned to this vulnerability.

And yet, we were told that this was the most secure election in history in the face of countless documented inconsistencies and without any of the facts apparently.

It should be noted that a number of these mitigation measures were not followed during the 2020 presidential election. These include ensuring physical security of machines and equipment, as demonstrated by lost flash drives; broken chain-of-custody procedures (ballot drop boxes often led to such violations of election law); machines proven to have been connected to the Internet; missing or destroyed ballot images; and the use of QR Codes rather than human-readable vote printouts.

With a report as significant as this, some may ask why it’s not being covered more. Conservatives that have been following these events are not strangers to the answer. This report and the others that have come before it demonstrate that despite what “elections officials” tell us, questions need to be asked.

I leave you with CISA’s announcement shortly after the 2020 election results came out. They definitely don’t age well in the face of this new report.

“While we know there are many unfounded claims and opportunities for misinformation about the process of our elections, we can assure you we have the utmost confidence in the security and integrity of our elections, and you should too,” the statement said. “When you have questions, turn to elections officials as trusted voices as they administer elections.”



 

Join the conversation!

Please share your thoughts about this article below. We value your opinions, and would love to see you add to the discussion!

We Love Trump
Thanks for sharing!