Vendor admits election systems included remote software

A vendor admitted to compromising its election system security by installing remote access software on systems over the span of six years but claims to have stopped the practice. Election system security was compromised by the installation of remote access software on systems over the span of six years, a vendor admitted in a letter to a senator. Election Systems & Software (ES&S), a voting machine manufacturer based in Omaha, Neb., admitted it installed the flawed PCAnywhere remote access software on its election management system (EMS) workstations for a "small number of customers between 2000 and 2006," according to a letter sent to Sen. Ron Wyden (D-Ore.) that was obtained by Motherboard. The PCAnywhere source code was stolen from Symantec servers in 2006, leaving the software vulnerable, and further issues in 2012 caused Symantec to suggest users uninstall the program before officially putting PCAnywhere to its end of life in 2014. ES&S had previously denied knowledge of the use of remote access software on its election management systems but told Wyden about the vulnerable software that could have put voting machine security at risk. ES&S wrote that it stopped installing the PCAnywhere software in December 2007 due to new policies enacted by the Election Assistance Commission regarding voting machine security.