On Friday, June 3rd, CISA released its much-anticipated report on Dominion Voting Machines before the weekend news break.
A week earlier, CNN admitted that Dominion Voting Machine Software has flaws that can be exploited.
The individual who was performing the investigation was no fan of President Trump. He released the report from his work and this was covered up immediately by corrupt Obama Judge Amy Totenberg, who we wrote about this morning. Judge Totenberg has withheld this report to this day. This is just another example of judicial overreach and corruption and coverup of the 2020 Election steal.
On Friday the government agency, CISA, released a report that was in response to the issues identified in the Halderman report. We know this because the CISA report says so:
J. Alex Halderman, University of Michigan, and Drew Springall, Auburn University, reported these vulnerabilities to CISA.
The report then lists a number of significant issues with the election system that ran the 2020 Election in Georgia. In the corporate world, a system like this would be thrown out and replaced before ever being put in use, but this is the state government in Georgia and we have seen over the past few years how inept and unprincipled these state governments can be.
The corrupt actors in Georgia, including the Secretary of State and Judge Totenberg, ensured that the Dominion system remains in place with the material issues included in the Halderman report and described in the CISA report.
Here is a list of material weaknesses embedding the Dominion system used in Georgia according to CISA. In its vulnerability review CISA now admits that the Dominion Voting Systems allow for access from almost anyone, allows for malicious software to be loaded on a device, allows for attackers to use a different mode on the system, and print a number of ballots without detection:
NOTE: Mitigations to reduce the risk of exploitation of these vulnerabilities can be found in Section 3 of this document.
2.2.1 IMPROPER VERIFICATION OF CRYPTOGRAPHIC SIGNATURE CWE-347
The tested version of ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media.
CVE-2022-1739 has been assigned to this vulnerability.
2.2.2 MUTABLE ATTESTATION OR MEASUREMENT REPORTING DATA CWE-1283
The tested version of ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device.
CVE-2022-1740 has been assigned to this vulnerability.
2.2.3 HIDDEN FUNCTIONALITY CWE-912
The tested version of ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code.
CVE-2022-1741 has been assigned to this vulnerability.
2.2.4 IMPROPER PROTECTION OF ALTERNATE PATH CWE-424
The tested version of ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.
CVE-2022-1742 has been assigned to this vulnerability.
2.2.5 PATH TRAVERSAL: ‘../FILEDIR’ CWE-24
The tested version of ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS.
CVE-2022-1743 has been assigned to this vulnerability.
2.2.6 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250
Applications on the tested version of ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code.
CVE-2022-1744 has been assigned to this vulnerability.
2.2.7 AUTHENTICATION BYPASS BY SPOOFING CWE-290
The authentication mechanism used by technicians on the tested version of ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions.
CVE-2022-1745 has been assigned to this vulnerability.
2.2.8 INCORRECT PRIVILEGE ASSIGNMENT CWE-266
The authentication mechanism used by poll workers to administer voting using the tested version of ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment.
CVE-2022-1746 has been assigned to this vulnerability.
2.2.9 ORIGIN VALIDATION ERROR CWE-346
The authentication mechanism used by voters to activate a voting session on the tested version of ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization.
CVE-2022-1747 has been assigned to this vulnerability.
Professor Halderman notes in a previous presentation the many ways that US elections are at risk for manipulation.
CISA in their report in one of the first sentences claims the following:
CISA has no evidence that these vulnerabilities have been exploited in any elections.
This means that they could have been used in the 2020 Election and no doubt they were.
The Gateway Pundit has been reporting on Dominion for two years now. It appears officials finally caught up to something we already knew.
The report shows that software could be leveraged by an attacker to gain elevated privileges and to install malicious code.
Despite this news, later in June Delaware Judge Eric Davis gave Dominion the go ahead in their $1.6 billion lawsuit against FOX News, Newsmax and OAN for their coverage of the 2020 election.
The leftist judge claims FOX News knew their claims against Dominion voting machines were false.
But how could they be false when we all now know that Dominion voting machines can be manipulated?
And why are Dominion machines are any similar voting machines still allowed to be used in any US election with such vulnerabilities?
The far-left Guardian reported:
In June, Dominion Voting Systems, which provided voting machines to 28 states, was given the go-ahead to sue Fox Corp, the parent company of Fox News, in a case that could draw Rupert Murdoch and his son, Lachlan, into the spotlight.
In the $1.6bn lawsuit, Dominion accuses Fox Corp, and the Murdochs specifically, of allowing Fox News to amplify false claims that the voting company had rigged the election for Joe Biden.
Fox Corp had attempted to have the suit dismissed, but a Delaware judge said Dominion had shown adequate evidence for the suit to proceed. Dominion is already suing Fox News, as well as OAN and Newsmax.
“These allegations support a reasonable inference that Rupert and Lachlan Murdoch either knew Dominion had not manipulated the election or at least recklessly disregarded the truth when they allegedly caused Fox News to propagate its claims about Dominion,” Judge Eric Davis said.
Davis’s ruling is not a guarantee that Fox will be found liable. But the judge made it clear that this isn’t some frivolous attempt by Dominion – and media and legal experts think Fox could be in real trouble.
“Dominion has a very strong case against Fox News – and against OAN for that matter,” said Ciara Torres-Spelliscy, a professor who teaches constitutional law at Stetson University and a fellow at the Brennan Center for Justice, a nonpartisan law and policy institute.
“The reason Dominion is suing is because Fox and other rightwing news outlets repeated vicious lies that Dominion’s voting machines stole the 2020 election from Trump for Biden. But all of these conspiracy theories about Dominion’s machines were just pure bunk, and Fox as a news organization should have known that and not given this aspect of the big lie a megaphone.”
The post Judge Gives Go-Ahead to Dominion to Sue FOX, OAN Despite Recent Report that Identifies Massive System Vulnerabilities in Dominion Systems That May Have Been Previously Exploited appeared first on The Gateway Pundit.
