Researchers at the University of Michigan have reported that it took them only a short time to break through the security functions of a pilot project for online voting in Washington, D.C. "Within 48 hours of the system going live, we had gained near complete control of the election server", the researchers wrote in a paper that has now been released. "We successfully changed every vote and revealed almost every secret ballot." The hack was only discovered after about two business days – and most likely only because the intruders left a visible trail on purpose.

In 2010, the developers of the municipal e-voting system that enables voters living abroad to vote via a web site, invited security experts to conduct tests. The university researchers say that the project was developed in cooperation with the Open Source Digital Voting Foundation (OSDV) and that other US states have also worked on services similar to Washington's "Digital Vote-by-Mail Service". They also praise the system's transparency as exemplary but point out that its architecture has fundamental security weaknesses and was not able to withstand a shell injection and other common hacker techniques.

The security experts investigated common vulnerable points such as login fields, the virtual ballots' content and filenames, and session cookies – and found several exploitable weaknesses. Even the Linux kernel used in the project proved to have a well known vulnerability. They were also able to use the PDFs generated by the system to trick the encryption mechanism, while unsecured surveillance cameras provided additional insights into the infrastructure. While the open source nature of the code made their work somewhat easier, they believe that attackers would have been able to make quick headway even if the system had been proprietary.

The researchers conclude that it is generally difficult to build secure online voting systems. One small configuration or implementation error would undermine the entire voting process. Even if central servers were not used, which would be prime targets for hacking attempts, there would still be a number of other points of attack. Fundamental advances still need to be made in security, they say, before e-voting will truly be safe.

(fab)