Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Privacy Politics

Researchers Find Critical Backdoor In Swiss Online Voting System (vice.com) 69

An international group of researchers who have been examining the source code for an internet voting system that Switzerland plans to roll out this year have found a critical flaw in the code that would allow someone to alter votes without detection. New submitter eatmorekix shares a report: The cryptographic backdoor exists in a part of the system that is supposed to verify that all of the ballots and votes counted in an election are the same ones that voters cast. But the flaw could allow someone to swap out all of the legitimate ballots and replace them with fraudulent ones, all without detection. "The vulnerability is astonishing," said Matthew Green, who teaches cryptography at Johns Hopkins University and did not do the research but read the researchers' report. "In normal elections, there is no single person who could undetectably defraud the entire election. But in this system they built, there is a party who could do that."

The researchers provided their findings last week to Swiss Post, the country's national postal service, which developed the system with the Barcelona-based company Scytl. Swiss Post said in a statement the researchers provided Motherboard and that the Swiss Post plans to publish online on Tuesday, that the researchers were correct in their findings and that it had asked Scytl to fix the issue. It also downplayed the vulnerability, however, saying that to exploit it, an attacker would need control over Swiss Postâ(TM)s secured IT infrastructure "as well as help from several insiders with specialist knowledge of Swiss Post or the cantons."

This discussion has been archived. No new comments can be posted.

Researchers Find Critical Backdoor In Swiss Online Voting System

Comments Filter:
  • I have to say that this finding has made the whole system more secure. This is difficult to say for closed source systems.
    • by sycodon ( 149926 ) on Tuesday March 12, 2019 @05:05PM (#58264102)

      Online voting is folly. Even mail in voting lacks adequate chain of custody policies.

      • Interesting. What's more secure: a heavy steel door or a 4096 bits key? Among the key combinations, one works for sure. The neophyte says "The door is not for me, too impressive ; but the key, if I'm lucky...". Back to votes, what's more dangerous: a hack that will allow someone working hard to change 1% of the votes, or some influent yet seemingly innocent media that pushes in one direction?
    • by Anonymous Coward

      I have to say that this finding has made the whole system more secure. This is difficult to say for closed source systems.

      Well, not according to a related article [vice.com].

      (...)
      Although Swiss Post claims the system has undergone three audits by auditing giant KPMG— among them an audit of the end-to-end encryption—it has never made the auditing reports public or indicated if anything significant got changed as a result of the audits.

      “Even if you sat down and read every line and determined everything was good, the code still wouldn’t pass the bar for being good code,” (...)

      (...) As part of the test, the Swis

  • Any system where records are opaquely held is ripe for abuse and fraud.
  • by ShanghaiBill ( 739463 ) on Tuesday March 12, 2019 @04:48PM (#58263970)

    So the takeaway is that the Swiss make their voting systems the same way they make their cheese: full of holes.

  • First point: score one for open-source-based economy. The problem can now get fixed without the usual denials from the usual vested interests.

    Question: The article says the backdoor allows changes to be "undetected." If the voting system is online isn't there a way that you can go back and verify that your vote was counted correctly?

    • by shilly ( 142940 ) on Wednesday March 13, 2019 @08:47AM (#58266952)

      There is *no* way to verify your vote was counted correctly with online voting. It's conceptually impossible -- at the end of the day, you're always reduced to trusting that the thing on the screen in front of you in some way corresponds to reality and isn't just telling you what you want to hear.

      What's worse is, quite a lot of quite clever people -- certainly much cleverer than the average voter -- are heavily invested in saying that you can, in fact, verify an online vote reliably. So they create and describe complex and elaborate protocols that they solemnly swear (or fervently believe) are 100% effective. But an average voter can't begin to know whether the protocols are effective. The complexity of these systems is well beyond their comprehension -- which is no slur on the average voter, I include myself in that category. Ultimately, we're still reduced to being asked to put our faith in a black box coupled with various people saying "trust us, it's totes legit".

      • > There is *no* way to verify your vote was counted correctly with online voting.

        Unless you are volunteering to oversee the paper ballot counting process (of your own polling place, which if I am not mistaken is not usually even possible in most jurisdictions with paper ballots), the exact same is true for paper ballots. So what, exactly, is your point?

        If it's that overseeing paper ballot counting is within the abilities of far more individuals than overseeing online voting, then I agree.

        • by shilly ( 142940 ) on Wednesday March 13, 2019 @11:31AM (#58267740)

          It's a bit more than the fact that "overseeing paper ballot counting is within the abilities of far more individuals than overseeing online voting". It's that I don't *need* to check my individual result for a paper count. A big box of paper ballots is emptied in front of lots of people and lots of people then set to work counting. And other people check their counts. And check the sums when the counts from various boxes are added. There's no need to provide traceability of an individual vote because the conceptual model is different from an online vote: I physically place my paper ballot in the box which is in plain view of lots of people who all keep each other honest, and every step from then on is also in plain view of lots of people who keep each other honest. And it can all easily be recounted.

      • I can verify each and every ATM transaction and online banking transaction I ever made. Have for millions of dollars of transactions over decades.

        And the system has made mistakes. I see them, call up, and they are corrected. Sometimes the bank corrects them before I even notice.

        Not just me. Billions of customers world wide have the same capability.

        And we can't have a secure online voting system. Really.

        • by shilly ( 142940 )

          Don't you see the fundamental difference? An error at an ATM is checkable by you because it affects your bank balance. You know in advance what the right answer should be. An error (or deliberate falsification) of your vote count in an election is not checkable by you because you don't know in advance what the right answer should be when it's summed with all the other counts. This is an insuperable distinction.

          • You don't seem to understand the available technology very well.

            The list of all votes should be publicly accessible, countable by everyone and anyone. One URL per precinct, for example.

            Each vote is anonymous but has a digital signature. Anyone can verify any vote for which they have the key which is on the receipt they got when they voted. That could be either online or at the polling place on a cheap-ass voting machine. (A Raspberry Pi with a display and mouse could do it.) But the local voter

      • Trusting math means others can find holes and they can eventually be fixed. You should probably issue an HMAC on your vote using your private key (so then you have a key management problem, not a voting problem...) .

        Trusting people means every single time malfeasance will happen somewhere and that can never get better. So that's worse.

        But voting is the suggestion box of slaves so even if the technical problems are solved there's not likely to be any real change anyway. Securing voting is just a proxy sym

  • by Wild_dog! ( 98536 ) on Tuesday March 12, 2019 @05:05PM (#58264098)

    There must always be a paper trail.
    Then there is less likelihood that a breach won't be detected and an actual manual vote count is possible.

  • by grep -v '.*' * ( 780312 ) on Tuesday March 12, 2019 @05:09PM (#58264130)

    an attacker would need control over Swiss Post's secured IT infrastructure "as well as help from several insiders with specialist knowledge

    I've got some chocolate to trade for a password or two. Or if not that, maybe some cheese?

    Science Daily: Social engineering: Password in exchange for chocolate [sciencedaily.com]

  • Don't bother (Score:5, Insightful)

    by rickb928 ( 945187 ) on Tuesday March 12, 2019 @05:13PM (#58264162) Homepage Journal

    The state of the art is inadequate to ensure secure, valid, accurate vote acquisition and tabulation. And there is no reason to expect it will be any time soon.

    Just stop. Those most interested in electronic voting are either profiting from the deployment, or profiting from manipulating the results.

  • by rgmoore ( 133276 ) <glandauer@charter.net> on Tuesday March 12, 2019 @06:59PM (#58264740) Homepage

    It also downplayed the vulnerability, however, saying that to exploit it, an attacker would need control over Swiss PostÃ(TM)s secured IT infrastructure "as well as help from several insiders with specialist knowledge of Swiss Post or the cantons."

    Saying that the only people who could steal an election are a small cabal of government insiders is not particularly reassuring.

  • Comment removed based on user account deletion
  • Count the paper votes in front of the needed set of witnesses.
    Send the same count from each area to a final vote count.
    Why trust a computer not to flip votes due to the politics of some NGO, think tank, mil, politics, other nation wanting Swiss votes to sway policy globally?
    Return to paper and count every vote.
    Make Swiss voting secure again.
  • by JasterBobaMereel ( 1102861 ) on Wednesday March 13, 2019 @04:05AM (#58266134)

    All computer systems are a black box, even if they are open source, how do you tell that is what the system is running ... and if you can, how do we know it is still running that after you looked ... and the system that is supposed to flag changes... who wrote that ... and can we verify it ... etc ... etc ... etc ...

  • Comment removed based on user account deletion
  • Switzerland votes to not be neutral, supports Russia!

The computer is to the information industry roughly what the central power station is to the electrical industry. -- Peter Drucker

Working...