summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--updates/2017/pc-wahl.en.md106
1 files changed, 106 insertions, 0 deletions
diff --git a/updates/2017/pc-wahl.en.md b/updates/2017/pc-wahl.en.md
new file mode 100644
index 00000000..7c4955e7
--- /dev/null
+++ b/updates/2017/pc-wahl.en.md
@@ -0,0 +1,106 @@
1title: Software to capture votes in upcoming national election is insecure
2date: 2017-09-07 03:11:00
3updated: 2017-09-07 08:59:32
4author: 46halbe
5tags: update, pressemitteilung
6previewimage: /images/LogoPC-wahl.jpg
7
8The Chaos Computer Club is publishing an analysis of software used for tabulating the German parliamentary elections (Bundestagswahl). The analysis shows a host of problems and security holes, to an extent where public trust in the correct tabulation of votes is at stake. Proof-of-concept attack tools against this software are published with source code.
9
10<!-- TEASER_END -->
11
12Hackers of the Chaos Computer Club (CCC) have studied a software package
13used in many German states to capture, aggregate and tabulate the votes
14during elections, to see if this software was secure against external
15attack. The analysis showed a number of security problems and multiple
16practicable attack scenarios. Some of these scenarios allow for the
17changing of vote totals across electoral district and state boundaries.
18„PC-Wahl“, the software in question, has been used to record, analyse
19and present election data in national, state and municipal elections for
20multiple decades.
21
22The result of this analysis is somewhat of a „total loss“ for the
23software product. The CCC is publishing its findings in a report of more
24than twenty pages. \[0\] The technical details and the software used to
25exploit the weaknesses are published in a repository. \[1\]
26
27„Elementary principles of IT-security were not heeded to. The amount of
28vulnerabilities and their severity exceeded our worst expectations“,
29says Linus Neumann, a speaker for the CCC that was involved in the
30study.
31
32A depressing finding of the study is that a state-funded team of hackers
33is not even necessary to control the tabulation of the votes. The broken
34software update mechanism of „PC-Wahl“ allows for one-click compromise.
35Together with the lacking security of the update server, this makes
36complete takeover quite feasible. Given the trivial nature of the
37attacks, it would be prudent to assume that not only the CCC is aware of
38these vulnerabilities.
39
40„A whole chain of serious flaws, from the update server, via the
41software itself through to the election results to be exported allows
42for us to demonstrate three practical attack scenarios in one“, Neumann
43continues.
44
45The software can be used to record the result of the counting in a
46polling station and to transmit the result to the municipality. The
47local election authorities use the same software to aggregate the
48results and transmit them to the state election authorities. In some
49states „PC-Wahl“ is furthermore also used by the state election
50authorities.
51
52The documented attacks have the potential to permanently impact public
53trust in the democratic process – even in cases where an actual
54manipulation would be discovered in hours or days. Whether an actual
55manipulation is discovered at all depends on the procedures followed in
56the various states – at this moment, and as a result of our findings,
57these procedures are being changed. In the state of Hesse it is now
58mandatory to verify every transmission using „PC-Wahl“ using some
59independent channel.
60
61The attack scenarios shown, and the remarkably bad general state of this
62software call into question the security of competing products used for
63the same purpose. In the Netherlands, the Dutch version of another
64product, IVU.elect, used in Germany, was tested by Sijmen Ruwhof. The
65results were not pretty. \[2\]
66
67„It is simply not the right millenium to quietly ignore IT-security
68problems in voting“, says Linus Neumann. „Effective protective measures
69have been available for decades, there is no conceivable reason not to
70use them.“
71
72A government that prides itself on „Industry 4.0“ and „Crypto made in
73Germany“ should promote and use software in the election process that
74has publicly readable source code. \[3\] The election authorities should
75not have become dependent on suppliers using programming and security
76concepts from the past millenium, but instead should promote
77transparency and security of election software by supporting new
78developments and advancing the state of the art. The sad state of this
79piece of election infrastructure is yet more evidence of problems in
80goverment IT. The procedures for tendering software projects need to
81change.
82
83The primary goal of the CCC security analysis was to raise any security
84problems found with the authorities, reminding them of their
85responsibilities. A brute manipulation of election results should be
86harder now because of the raised awareness and changed procedures. For
87the coming national elections of this year, this exposé should not
88prevent anyone from going to the polls to have their vote count (and
89watch the tallying in the evening)!
90
91**Links**:
92
93\[0\] Bericht: Analyse einer Wahlsoftware (German)
94<https://ccc.de/system/uploads/230/original/PC-Wahl_Bericht_CCC.pdf>
95
96\[1\] Software Repository: PC-Wahl
97Tools <https://github.com/devio/Walruss>
98
99\[2\] Sijmen
100Ruwhof: <https://sijmen.ruwhof.net/weblog/1166-how-to-hack-the-upcoming-dutch-elections>
101
102\[3\] „Prototype Fund“ for Open Source
103Software: <https://prototypefund.de/>
104
105\[4\] Logbuch:Netzpolitik
106(German): <https://logbuch-netzpolitik.de/lnp228-interessierte-buerger>