diff options
Diffstat (limited to 'updates/2017')
-rw-r--r-- | updates/2017/pc-wahl.en.md | 106 |
1 files changed, 106 insertions, 0 deletions
diff --git a/updates/2017/pc-wahl.en.md b/updates/2017/pc-wahl.en.md new file mode 100644 index 00000000..7c4955e7 --- /dev/null +++ b/updates/2017/pc-wahl.en.md | |||
@@ -0,0 +1,106 @@ | |||
1 | title: Software to capture votes in upcoming national election is insecure | ||
2 | date: 2017-09-07 03:11:00 | ||
3 | updated: 2017-09-07 08:59:32 | ||
4 | author: 46halbe | ||
5 | tags: update, pressemitteilung | ||
6 | previewimage: /images/LogoPC-wahl.jpg | ||
7 | |||
8 | The Chaos Computer Club is publishing an analysis of software used for tabulating the German parliamentary elections (Bundestagswahl). The analysis shows a host of problems and security holes, to an extent where public trust in the correct tabulation of votes is at stake. Proof-of-concept attack tools against this software are published with source code. | ||
9 | |||
10 | <!-- TEASER_END --> | ||
11 | |||
12 | Hackers of the Chaos Computer Club (CCC) have studied a software package | ||
13 | used in many German states to capture, aggregate and tabulate the votes | ||
14 | during elections, to see if this software was secure against external | ||
15 | attack. The analysis showed a number of security problems and multiple | ||
16 | practicable attack scenarios. Some of these scenarios allow for the | ||
17 | changing of vote totals across electoral district and state boundaries. | ||
18 | „PC-Wahl“, the software in question, has been used to record, analyse | ||
19 | and present election data in national, state and municipal elections for | ||
20 | multiple decades. | ||
21 | |||
22 | The result of this analysis is somewhat of a „total loss“ for the | ||
23 | software product. The CCC is publishing its findings in a report of more | ||
24 | than twenty pages. \[0\] The technical details and the software used to | ||
25 | exploit the weaknesses are published in a repository. \[1\] | ||
26 | |||
27 | „Elementary principles of IT-security were not heeded to. The amount of | ||
28 | vulnerabilities and their severity exceeded our worst expectations“, | ||
29 | says Linus Neumann, a speaker for the CCC that was involved in the | ||
30 | study. | ||
31 | |||
32 | A depressing finding of the study is that a state-funded team of hackers | ||
33 | is not even necessary to control the tabulation of the votes. The broken | ||
34 | software update mechanism of „PC-Wahl“ allows for one-click compromise. | ||
35 | Together with the lacking security of the update server, this makes | ||
36 | complete takeover quite feasible. Given the trivial nature of the | ||
37 | attacks, it would be prudent to assume that not only the CCC is aware of | ||
38 | these vulnerabilities. | ||
39 | |||
40 | „A whole chain of serious flaws, from the update server, via the | ||
41 | software itself through to the election results to be exported allows | ||
42 | for us to demonstrate three practical attack scenarios in one“, Neumann | ||
43 | continues. | ||
44 | |||
45 | The software can be used to record the result of the counting in a | ||
46 | polling station and to transmit the result to the municipality. The | ||
47 | local election authorities use the same software to aggregate the | ||
48 | results and transmit them to the state election authorities. In some | ||
49 | states „PC-Wahl“ is furthermore also used by the state election | ||
50 | authorities. | ||
51 | |||
52 | The documented attacks have the potential to permanently impact public | ||
53 | trust in the democratic process – even in cases where an actual | ||
54 | manipulation would be discovered in hours or days. Whether an actual | ||
55 | manipulation is discovered at all depends on the procedures followed in | ||
56 | the various states – at this moment, and as a result of our findings, | ||
57 | these procedures are being changed. In the state of Hesse it is now | ||
58 | mandatory to verify every transmission using „PC-Wahl“ using some | ||
59 | independent channel. | ||
60 | |||
61 | The attack scenarios shown, and the remarkably bad general state of this | ||
62 | software call into question the security of competing products used for | ||
63 | the same purpose. In the Netherlands, the Dutch version of another | ||
64 | product, IVU.elect, used in Germany, was tested by Sijmen Ruwhof. The | ||
65 | results were not pretty. \[2\] | ||
66 | |||
67 | „It is simply not the right millenium to quietly ignore IT-security | ||
68 | problems in voting“, says Linus Neumann. „Effective protective measures | ||
69 | have been available for decades, there is no conceivable reason not to | ||
70 | use them.“ | ||
71 | |||
72 | A government that prides itself on „Industry 4.0“ and „Crypto made in | ||
73 | Germany“ should promote and use software in the election process that | ||
74 | has publicly readable source code. \[3\] The election authorities should | ||
75 | not have become dependent on suppliers using programming and security | ||
76 | concepts from the past millenium, but instead should promote | ||
77 | transparency and security of election software by supporting new | ||
78 | developments and advancing the state of the art. The sad state of this | ||
79 | piece of election infrastructure is yet more evidence of problems in | ||
80 | goverment IT. The procedures for tendering software projects need to | ||
81 | change. | ||
82 | |||
83 | The primary goal of the CCC security analysis was to raise any security | ||
84 | problems found with the authorities, reminding them of their | ||
85 | responsibilities. A brute manipulation of election results should be | ||
86 | harder now because of the raised awareness and changed procedures. For | ||
87 | the coming national elections of this year, this exposé should not | ||
88 | prevent anyone from going to the polls to have their vote count (and | ||
89 | watch the tallying in the evening)! | ||
90 | |||
91 | **Links**: | ||
92 | |||
93 | \[0\] Bericht: Analyse einer Wahlsoftware (German) | ||
94 | <https://ccc.de/system/uploads/230/original/PC-Wahl_Bericht_CCC.pdf> | ||
95 | |||
96 | \[1\] Software Repository: PC-Wahl | ||
97 | Tools <https://github.com/devio/Walruss> | ||
98 | |||
99 | \[2\] Sijmen | ||
100 | Ruwhof: <https://sijmen.ruwhof.net/weblog/1166-how-to-hack-the-upcoming-dutch-elections> | ||
101 | |||
102 | \[3\] „Prototype Fund“ for Open Source | ||
103 | Software: <https://prototypefund.de/> | ||
104 | |||
105 | \[4\] Logbuch:Netzpolitik | ||
106 | (German): <https://logbuch-netzpolitik.de/lnp228-interessierte-buerger> | ||