Dominion Voting SystemsImageCast Democracy SuiteImageCast is a prime example of a vulnerable optical scan system and its associated components. Itdebunks the notion that only DRE systems are vulnerable to malicious adversaries.The DemocracySuite is a paper-based optical scan system that includes an Election Management System (EMS), theImageCast Precinct (ICP), a precinct-based optical scan ballot tabulator, the ImageCast Evolution(ICE),a precinct scanner with optional ballot marking capabilities, and the ImageCast Central (ICC), ahigh-speed central ballot scan tabulator based on COTS hardware. As with ClearVote, the use ofCOTS components increases transparency, but it may also increase the attack surface.The ICP has asmall touchscreen to allow users, ranging from poll-workers to attackers, to access diagnostic andconfiguration settings. The system scans and interprets voter ballots and stores and tabulates each votefrom each paper ballot incompatible ballot storage boxes. An ATI device provides additionalaccessibility to voters through “sip and puff” or by allowing them to listen to options as audio withvariable speed and playback functionality. Because the ATI is directly connected to the tabulator, thereis no paper ballot when votes are cast using ATI; further, the direct connection can be exploited by anattacker to gain control over the system. The ICE scans, interprets, and tabulates voter ballots and itdisplays them back to the voter through an LCD display.The ICC is a central ballot tabulator thatrelies on a Canon DR-X10C or Canon DR-7550C scanner and a proprietary ballot processingapplication software [12]. Exploits for these COTS systems can be easily found online and used todisrupt the paper audit trail.In one 2012 Wyle Laboratories security assessment of the suite for the EAC, the EMS, which washosted on a Sell Precision T1500 with a Rocsecure Commander 2UE external hard drive,passwordpolicy complexity was disabled, administrative and guest accounts had not been disabled or renamed,the backup and restore privilege was disabled, “audit shutdown system if unable to log security audits”was disabled, “FIPS Compliant Algorithms for Encryption Hashing and Signing” were disabled, andseveral user accounts were found to perform tasks outside their defined roles. Analysis of the ICP found that USB ports were properly disabled and the RJ45 connector only allowed foroperation of theATI device. Networked connection to the system was disabled (except the connection light) and noinformation was accessible. In the ICE, a hole was discovered in the ballot box that was large enoughto permit “ballot stuffing”.All other access points appeared to be locked or sealed [17].