Software To Capture Votes in Upcoming National Election is Insecure (vice.com)
Hackers could have manipulated the results of the upcoming election in Germany by using "trivial" attacks against a program used to count and transmit voting results, researchers warned on Thursday. From a report: White hat hackers from the Chaos Computer Club (CCC), a well-known hacking organization in Germany, claim to have found a series of serious vulnerabilities in PC-Wahl 10, software used by German authorities to count and transmit voting results. The researchers said their attacks show the software is in a "sad state" and that malicious hackers could have compromised it with "one click." "The amount of vulnerabilities and their severity exceeded our worst expectations," Linus Neumann, one of the researchers who conducted the study, said in a press release. The good news, however, is that the researchers believe it would have been hard for malicious hackers to get away with such attacks during the upcoming German election on September 24 without anyone noticing. "Technically, manipulation would be possible in several ways, but it is unlikely that manipulation would remain undetected," Thorsten Schroder, another researcher involved in the study, wrote in an op-ed for the magazine Der Spiegel.
It is not difficult to build a highly secure e-voting system with highly robust, highly secure reporting.
This is the minimum standard that should be considered acceptable.
Ok, so how do you do this?
1. A system is no better than the platform it is on. So you want a formally verified, tamper-proof platform with no extraneous physical connections.
2. The software should be designed using formal methods (coloured Petri nets will work because there are only a fixed number of well-known arcs under well-known conditions; learning from seL4 won't kill anyone either).
3. Votes should be retained in encrypted form, each voter's public key being on their voter registration card in a computer-readable form (but not remotely readable), and stored in multiple locations. This eliminates the possibility of any database admin trying to delete or insert votes, as the hashes won't tally. Blockchain can be used to ensure majority consent on the hashes, thus excluding corrupt institutions.
4. The server that generates the public/private key pairs should feed the private keys only to official Orange Book A1 servers for counting.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
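The post above asserts that keeping the vote store hashed and replicated "in multiple locations" makes a lone database admin's deletion or insertion detectable because "the hashes won't tally". The following is an added example, not code from the original comment or from any real voting system, showing that mechanism in isolation: vote records are folded into a hash chain, several independent sites hold copies, and the site whose chain head disagrees with the majority is flagged. The record fields, site names, genesis value and the ballot ciphertext placeholders are all assumptions constructed for the example; the encryption and key-distribution steps in points 3 and 4 are not implemented here.

```python
import hashlib
import json
from collections import Counter

# Added example, not code from the original post. Demonstrates point 3 of the
# comment: vote records kept as a hash chain at several independent sites, so a
# single administrator deleting or inserting a record changes that site's chain
# head and it no longer tallies with the others. All data below is constructed.


def record_hash(prev_hash: str, record: dict) -> str:
    """Hash of one chain link: previous head plus the canonical JSON of the record."""
    payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


def chain_head(records: list[dict]) -> str:
    """Fold the records into one head hash; any edit, deletion or insertion changes it."""
    head = "0" * 64  # genesis value, an assumption of this example
    for rec in records:
        head = record_hash(head, rec)
    return head


def majority_head(replicas: dict[str, list[dict]]) -> tuple[str, list[str]]:
    """Return the head a strict majority of sites agrees on, plus the sites that disagree."""
    heads = {name: chain_head(recs) for name, recs in replicas.items()}
    winner, votes = Counter(heads.values()).most_common(1)[0]
    if votes * 2 <= len(replicas):
        raise ValueError("no majority among replicas; cannot establish a trusted head")
    return winner, sorted(name for name, h in heads.items() if h != winner)


# Constructed sample records; the ciphertext strings are placeholders standing in
# for ballots encrypted under the voter's registration-card key.
VOTES = [
    {"seq": 1, "voter_key_id": "k-1001", "ciphertext": "b64:AAAA"},
    {"seq": 2, "voter_key_id": "k-1002", "ciphertext": "b64:BBBB"},
    {"seq": 3, "voter_key_id": "k-1003", "ciphertext": "b64:CCCC"},
]


def demo() -> dict:
    """Three honest sites, then the same three with site-b's admin deleting one ballot and inserting another."""
    honest = {"site-a": list(VOTES), "site-b": list(VOTES), "site-c": list(VOTES)}
    tampered = {name: list(recs) for name, recs in honest.items()}
    tampered["site-b"] = [
        VOTES[0],
        VOTES[2],  # seq 2 deleted
        {"seq": 4, "voter_key_id": "k-9999", "ciphertext": "b64:ZZZZ"},  # fabricated
    ]
    _, clean_outliers = majority_head(honest)
    _, outliers = majority_head(tampered)
    return {"clean": clean_outliers, "tampered": outliers}


if __name__ == "__main__":
    print(demo())
```

The check only detects divergence between replicas: a record fabricated at the source before it was replicated is copied faithfully everywhere and passes, and nothing here says whether a ciphertext decrypts to a valid ballot. With an even number of sites a tie is possible, which is why the function refuses to pick a head without a strict majority.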
Sure it will take longer to count votes with people instead of software, but I'm fine with that. I'd rather it take hours for paper ballots to be counted than have the possibility of government officials or hackers corrupting the voting system. Politicians will bend over backwards to stay in power; giving them an easy way to manipulate votes in their favor makes me uneasy.
So far here in Alberta all federal and provincial elections I've participated in have used paper-based voting systems and been counted by hand (AFAIK), hopefully it stays this way.
In Germany, we use paper ballots which are counted manually. The software is only used for transmitting and aggregating results. Every part of the process that is handled by the software is observable by the public and can be verified by the public. If the people who do the counting at the polling places make a note of the result and check that it matches what is published upstream and that the aggregation is done correctly upstream (from public input to public output according to defined, simple algorithms), then any manipulation that a hacker could inject through the flaws in this software is detectable.
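The comment above describes the public check that makes manipulation of the transmission and aggregation software detectable: each polling place keeps its own written result, compares it with what is published for that station, and anyone can recompute the district totals from the published station results. The following is an added example, not code from the original comment and not PC-Wahl's, that implements that check. The station identifiers, party labels and all counts are constructed sample data; the "district/station" naming is an assumption used only to group stations.

```python
from collections import defaultdict

# Added example, not part of the original comment or of PC-Wahl. It performs the
# public verification the comment describes: (1) the result each polling place
# noted locally must match what is published for that station, and (2) the
# published district totals must equal a recomputation from the published
# station results. All numbers are constructed.

# What the counters at each polling place wrote down (the public input).
LOCAL_COUNTS = {
    "district-1/station-01": {"A": 412, "B": 388, "C": 95},
    "district-1/station-02": {"A": 301, "B": 344, "C": 120},
    "district-2/station-01": {"A": 250, "B": 260, "C": 70},
}


def aggregate(station_results: dict[str, dict[str, int]]) -> dict[str, dict[str, int]]:
    """The 'defined, simple algorithm': sum each station's counts into its district."""
    totals = defaultdict(lambda: defaultdict(int))
    for station, counts in station_results.items():
        district = station.split("/")[0]  # naming convention assumed for the example
        for party, n in counts.items():
            totals[district][party] += n
    return {d: dict(parties) for d, parties in totals.items()}


def verify(local_counts, published_stations, published_districts) -> list[str]:
    """Return a finding for every station altered in transit and every district mis-aggregated."""
    findings = []
    for station, counts in local_counts.items():
        if published_stations.get(station) != counts:
            findings.append(f"station result altered in transit: {station}")
    expected = aggregate(published_stations)
    for district, parties in expected.items():
        if published_districts.get(district) != parties:
            findings.append(f"aggregation mismatch: {district}")
    return findings


def demo() -> list[str]:
    """Constructed manipulation: 30 votes moved from B to A at one station, and two districts' totals swapped."""
    published_stations = {k: dict(v) for k, v in LOCAL_COUNTS.items()}
    published_stations["district-1/station-02"] = {"A": 331, "B": 314, "C": 120}
    published_districts = aggregate(published_stations)  # consistent with the altered input
    published_districts["district-2"] = {"A": 260, "B": 250, "C": 70}  # A and B swapped upstream
    return verify(LOCAL_COUNTS, published_stations, published_districts)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The first manipulation keeps the station's total number of votes unchanged, so a check that only compared turnout would miss it; comparing the full per-party result with the counters' own note is what catches it. The second is caught purely from public data, without any station's cooperation, because the aggregation is a deterministic sum anyone can redo.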
Given:
1) The critical importance of voting in Democratic societies,
2) The ease at which eVoting devices appear to be compromised,
3) The effectiveness of paper voting as proven over untold millennia,
4) The inherent lack of accountability in current eVoting,
No logs, Insecurely stored, No validation, etc
It begs the question, why even bother with eVoting machines? Just because it’s “new”, “electronic”, can be “web enabled”, seems insufficient to perch the entire construct of Democracy on such weaknesses
The UN has established 'best practices'. It's time the first world accepts that those standards are not just for the 'stans' and banana republics.
Paper ballots, see-through ballot boxes (so they aren't half full at the start), tracked chain of custody of the boxes, ID requirements and stained fingers. All interested parties can have a representative in the counting rooms and polling stations. Done.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'