Software To Capture Votes in Upcoming National Election is Insecure

Hackers could have manipulated the results of the upcoming election in Germany by using "trivial" attacks against a program used to count and transmit voting results, researchers warned on Thursday. From a report: White hat hackers from the Chaos Computer Club (CCC), a well-known hacking organization in Germany, claim to have found a series of serious vulnerabilities in PC-Wahl 10, software used by German authorities to count and transmit voting results. The researchers said their attacks show the software is in a "sad state" and that malicious hackers could have compromised it with "one click." "The amount of vulnerabilities and their severity exceeded our worst expectations," Linus Neumann, one of the researchers who conducted the study, said in a press release. The good news, however, is that the researchers believe it would have been hard for malicious hackers to get away with such attacks during the upcoming German election on September 24 without anyone noticing. "Technically, manipulation would be possible in several ways, but it is unlikely that manipulation would remain undetected," Thorsten Schroder, another researcher involved in the study, wrote in an op-ed for the magazine Der Spiegel.

Worth noting that there is no electronic voting

In Germany, we use paper ballots which are counted manually. The software is only used for transmitting and aggregating results. Every part of the process that is handled by the software is observable by the public and can be verified by the public. If the people who do the counting at the polling places make a note of the result and check that it matches what is published upstream and that the aggregation is done correctly upstream (from public input to public output according to defined, simple algorithms), then any manipulation that a hacker could inject through the flaws in this software is detectable.