committing page revision 1

author: 46halbe <46halbe@berlin.ccc.de> 2017-09-07 08:59:32 +0000
committer: 46halbe <46halbe@berlin.ccc.de> 2020-05-23 13:40:04 +0000
commit: d0506094dc274d65ee189e7ef82ec99de441e6cd (patch)
tree: 9a277844591e3c2b7b01d939f8d59b45cc228a88 /updates/2017
parent: 001961f2ae63dbcfae6475ec42bd46bd6a34d450 (diff)
1 files changed, 106 insertions, 0 deletions
diff --git a/updates/2017/pc-wahl.en.md b/updates/2017/pc-wahl.en.md
new file mode 100644
index 00000000..7c4955e7
--- /dev/null
+++ b/updates/2017/pc-wahl.en.md
@@ -0,0 +1,106 @@
+title: Software to capture votes in upcoming national election is insecure
+date: 2017-09-07 03:11:00 
+updated: 2017-09-07 08:59:32 
+author: 46halbe
+tags: update, pressemitteilung
+previewimage: /images/LogoPC-wahl.jpg
+The Chaos Computer Club is publishing an analysis of software used for tabulating the German parliamentary elections (Bundestagswahl). The analysis shows a host of problems and security holes, to an extent where public trust in the correct tabulation of votes is at stake. Proof-of-concept attack tools against this software are published with source code.
+<!-- TEASER_END -->
+Hackers of the Chaos Computer Club (CCC) have studied a software package
+used in many German states to capture, aggregate and tabulate the votes
+during elections, to see if this software was secure against external
+attack. The analysis showed a number of security problems and multiple
+practicable attack scenarios. Some of these scenarios allow for the
+changing of vote totals across electoral district and state boundaries.
+„PC-Wahl“, the software in question, has been used to record, analyse
+and present election data in national, state and municipal elections for
+multiple decades.
+The result of this analysis is somewhat of a „total loss“ for the
+software product. The CCC is publishing its findings in a report of more
+than twenty pages. \[0\] The technical details and the software used to
+exploit the weaknesses are published in a repository. \[1\]
+„Elementary principles of IT-security were not heeded to. The amount of
+vulnerabilities and their severity exceeded our worst expectations“,
+says Linus Neumann, a speaker for the CCC that was involved in the
+study.
+A depressing finding of the study is that a state-funded team of hackers
+is not even necessary to control the tabulation of the votes. The broken
+software update mechanism of „PC-Wahl“ allows for one-click compromise.
+Together with the lacking security of the update server, this makes
+complete takeover quite feasible. Given the trivial nature of the
+attacks, it would be prudent to assume that not only the CCC is aware of
+these vulnerabilities.
+„A whole chain of serious flaws, from the update server, via the
+software itself through to the election results to be exported allows
+for us to demonstrate three practical attack scenarios in one“, Neumann
+continues.
+The software can be used to record the result of the counting in a
+polling station and to transmit the result to the municipality. The
+local election authorities use the same software to aggregate the
+results and transmit them to the state election authorities. In some
+states „PC-Wahl“ is furthermore also used by the state election
+authorities.
+The documented attacks have the potential to permanently impact public
+trust in the democratic process – even in cases where an actual
+manipulation would be discovered in hours or days. Whether an actual
+manipulation is discovered at all depends on the procedures followed in
+the various states – at this moment, and as a result of our findings,
+these procedures are being changed. In the state of Hesse it is now
+mandatory to verify every transmission using „PC-Wahl“ using some
+independent channel.
+The attack scenarios shown, and the remarkably bad general state of this
+software call into question the security of competing products used for
+the same purpose. In the Netherlands, the Dutch version of another
+product, IVU.elect, used in Germany, was tested by Sijmen Ruwhof. The
+results were not pretty. \[2\]
+„It is simply not the right millenium to quietly ignore IT-security
+problems in voting“, says Linus Neumann. „Effective protective measures
+have been available for decades, there is no conceivable reason not to
+use them.“
+A government that prides itself on „Industry 4.0“ and „Crypto made in
+Germany“ should promote and use software in the election process that
+has publicly readable source code. \[3\] The election authorities should
+not have become dependent on suppliers using programming and security
+concepts from the past millenium, but instead should promote
+transparency and security of election software by supporting new
+developments and advancing the state of the art. The sad state of this
+piece of election infrastructure is yet more evidence of problems in
+goverment IT. The procedures for tendering software projects need to
+change.
+The primary goal of the CCC security analysis was to raise any security
+problems found with the authorities, reminding them of their
+responsibilities. A brute manipulation of election results should be
+harder now because of the raised awareness and changed procedures. For
+the coming national elections of this year, this exposé should not
+prevent anyone from going to the polls to have their vote count (and
+watch the tallying in the evening)!
+**Links**:
+\[0\] Bericht: Analyse einer Wahlsoftware (German)
+<https://ccc.de/system/uploads/230/original/PC-Wahl_Bericht_CCC.pdf>
+\[1\] Software Repository: PC-Wahl
+Tools <https://github.com/devio/Walruss>
+\[2\] Sijmen
+Ruwhof: <https://sijmen.ruwhof.net/weblog/1166-how-to-hack-the-upcoming-dutch-elections>
+\[3\] „Prototype Fund“ for Open Source
+Software: <https://prototypefund.de/>
+\[4\] Logbuch:Netzpolitik
+(German): <https://logbuch-netzpolitik.de/lnp228-interessierte-buerger>
author	46halbe <46halbe@berlin.ccc.de>	2017-09-07 08:59:32 +0000
committer	46halbe <46halbe@berlin.ccc.de>	2020-05-23 13:40:04 +0000
commit	d0506094dc274d65ee189e7ef82ec99de441e6cd (patch)
tree	9a277844591e3c2b7b01d939f8d59b45cc228a88 /updates/2017
parent	001961f2ae63dbcfae6475ec42bd46bd6a34d450 (diff)

diff --git a/updates/2017/pc-wahl.en.md b/updates/2017/pc-wahl.en.md new file mode 100644 index 00000000..7c4955e7 --- /dev/null +++ b/updates/2017/pc-wahl.en.md
@@ -0,0 +1,106 @@
	1	title: Software to capture votes in upcoming national election is insecure
	2	date: 2017-09-07 03:11:00
	3	updated: 2017-09-07 08:59:32
	4	author: 46halbe
	5	tags: update, pressemitteilung
	6	previewimage: /images/LogoPC-wahl.jpg
	7
	8	The Chaos Computer Club is publishing an analysis of software used for tabulating the German parliamentary elections (Bundestagswahl). The analysis shows a host of problems and security holes, to an extent where public trust in the correct tabulation of votes is at stake. Proof-of-concept attack tools against this software are published with source code.
	9
	10	<!-- TEASER_END -->
	11
	12	Hackers of the Chaos Computer Club (CCC) have studied a software package
	13	used in many German states to capture, aggregate and tabulate the votes
	14	during elections, to see if this software was secure against external
	15	attack. The analysis showed a number of security problems and multiple
	16	practicable attack scenarios. Some of these scenarios allow for the
	17	changing of vote totals across electoral district and state boundaries.
	18	„PC-Wahl“, the software in question, has been used to record, analyse
	19	and present election data in national, state and municipal elections for
	20	multiple decades.
	21
	22	The result of this analysis is somewhat of a „total loss“ for the
	23	software product. The CCC is publishing its findings in a report of more
	24	than twenty pages. \[0\] The technical details and the software used to
	25	exploit the weaknesses are published in a repository. \[1\]
	26
	27	„Elementary principles of IT-security were not heeded to. The amount of
	28	vulnerabilities and their severity exceeded our worst expectations“,
	29	says Linus Neumann, a speaker for the CCC that was involved in the
	30	study.
	31
	32	A depressing finding of the study is that a state-funded team of hackers
	33	is not even necessary to control the tabulation of the votes. The broken
	34	software update mechanism of „PC-Wahl“ allows for one-click compromise.
	35	Together with the lacking security of the update server, this makes
	36	complete takeover quite feasible. Given the trivial nature of the
	37	attacks, it would be prudent to assume that not only the CCC is aware of
	38	these vulnerabilities.
	39
	40	„A whole chain of serious flaws, from the update server, via the
	41	software itself through to the election results to be exported allows
	42	for us to demonstrate three practical attack scenarios in one“, Neumann
	43	continues.
	44
	45	The software can be used to record the result of the counting in a
	46	polling station and to transmit the result to the municipality. The
	47	local election authorities use the same software to aggregate the
	48	results and transmit them to the state election authorities. In some
	49	states „PC-Wahl“ is furthermore also used by the state election
	50	authorities.
	51
	52	The documented attacks have the potential to permanently impact public
	53	trust in the democratic process – even in cases where an actual
	54	manipulation would be discovered in hours or days. Whether an actual
	55	manipulation is discovered at all depends on the procedures followed in
	56	the various states – at this moment, and as a result of our findings,
	57	these procedures are being changed. In the state of Hesse it is now
	58	mandatory to verify every transmission using „PC-Wahl“ using some
	59	independent channel.
	60
	61	The attack scenarios shown, and the remarkably bad general state of this
	62	software call into question the security of competing products used for
	63	the same purpose. In the Netherlands, the Dutch version of another
	64	product, IVU.elect, used in Germany, was tested by Sijmen Ruwhof. The
	65	results were not pretty. \[2\]
	66
	67	„It is simply not the right millenium to quietly ignore IT-security
	68	problems in voting“, says Linus Neumann. „Effective protective measures
	69	have been available for decades, there is no conceivable reason not to
	70	use them.“
	71
	72	A government that prides itself on „Industry 4.0“ and „Crypto made in
	73	Germany“ should promote and use software in the election process that
	74	has publicly readable source code. \[3\] The election authorities should
	75	not have become dependent on suppliers using programming and security
	76	concepts from the past millenium, but instead should promote
	77	transparency and security of election software by supporting new
	78	developments and advancing the state of the art. The sad state of this
	79	piece of election infrastructure is yet more evidence of problems in
	80	goverment IT. The procedures for tendering software projects need to
	81	change.
	82
	83	The primary goal of the CCC security analysis was to raise any security
	84	problems found with the authorities, reminding them of their
	85	responsibilities. A brute manipulation of election results should be
	86	harder now because of the raised awareness and changed procedures. For
	87	the coming national elections of this year, this exposé should not
	88	prevent anyone from going to the polls to have their vote count (and
	89	watch the tallying in the evening)!
	90
	91	Links:
	92
	93	\[0\] Bericht: Analyse einer Wahlsoftware (German)
	94	<https://ccc.de/system/uploads/230/original/PC-Wahl_Bericht_CCC.pdf>
	95
	96	\[1\] Software Repository: PC-Wahl
	97	Tools <https://github.com/devio/Walruss>
	98
	99	\[2\] Sijmen
	100	Ruwhof: <https://sijmen.ruwhof.net/weblog/1166-how-to-hack-the-upcoming-dutch-elections>
	101
	102	\[3\] „Prototype Fund“ for Open Source
	103	Software: <https://prototypefund.de/>
	104
	105	\[4\] Logbuch:Netzpolitik
	106	(German): <https://logbuch-netzpolitik.de/lnp228-interessierte-buerger>