Leak in Swiss voting system allows covert change of votes

Spread the love

Researchers have found a serious vulnerability in the internet voting system that Switzerland planned to introduce this year. The leak makes it possible to manipulate votes on a large scale without being detected.

The leak was found in the new internet voting system Swiss Post plans to deploy this year, Motherboard said. This system is made by the Spanish company Scytl. Swiss Post, a public company owned by the Swiss Confederation, announced earlier this year that it would conduct a pen test for hackers and security companies. They had to sign an agreement that they would inform Swiss Post of the findings and would not publish it until 45 days after that notification. However, the source code of the system appeared online, after which many more researchers could get to work with the software.

Researchers from the University of Melbourne, UCLouvain and the Open Privacy Research Society took a closer look at the code posted online and found a serious vulnerability. Swiss citizens are required to enter their date of birth and a code obtained for internet voting, after which their vote is sent encrypted to Swiss Post’s servers.

The researchers write that the e-voting system is based on complete verifiability. This is a slightly less strict premise than universal verifiability, which assumes that all hardware components in the system’s chain are unreliable. Even then, the internet voting system should remain reliable. With complete verifiability, the assumption is that at least a computer running the voting software is safe.

The researchers write that four servers at Swiss Post’s system shuffle votes in a chain. This is somewhat similar to how paper ballots are randomly mixed up in a ballot box. Next, this mix network must verify, based on zero-knowledge proof, that the encrypted input of votes corresponds to the differently-encrypted output.

The vulnerability allows attackers to provide proof that it passes authentication, opening the door to abuse. In their paper, the researchers give two examples of manipulation in this way. They also indicate that they have not thoroughly tested all aspects of the system. Previously, crypto experts who took a look at the leaked code told Motherboard that it was unnecessarily complex and did not appear to be very well constructed.

Swiss Post then indicated that the system had already had three professional audits, including by KPMG. The agency has not published those results. In response to the new findings, Swiss Post acknowledges the existence of the leak. Scytl is going to fix this. To exploit the vulnerability, an attacker would have to gain access to Swiss Post’s IT infrastructure and get help from internal experts, the agency emphasizes.

The official pen test will last until March 24 and it could take up to several weeks after that before any problems found are made public. The reward is 20,000 Swiss francs, or 17,600 euros, for leaks to manipulate votes and 30,000 to 50,000 Swiss francs if it can be done secretly.

Swiss Post is Switzerland’s national postal company but provides more services to authorities, including logistics, IT, healthcare and electronic voting.

You might also like
Exit mobile version