"The most critical problem we found," Halderman wrote, is a "vulnerability that can be exploited to spread malware from a county's central election management system to every ballot-marking device in the jurisdiction. This makes it possible to attack the ballot-marking devices at scale, over a wide area, without needing physical access to any of them.."