The Cylance Team — Nov 4, 2016
The following proof of concept video demonstrates the techniques Cylance researchers used to compromise a Sequoia AVC Edge Mk1 voting machine.
The video shows how easy it is for a third party to reflash the firmware with a PCMCIA card, and directly manipulate the voting tallies in memory.
Additionally, the video demonstrates how vote tallies can be manipulated on both the Public Counter and the Protective Counter, which was designed to act as a redundant verification system to ensure results are valid.
Similar methods of exploitation have been proposed on a theoretical basis by other researchers, such as those in the 2007 paper ‘Source Code Review of the Sequoia Voting System‘ (PDF), and then later discussed in the Politico article ‘How to Hack an Election in 7 Minutes‘, but Cylance is the first to demonstrate an exploit in a real-world scenario.