From d0506094dc274d65ee189e7ef82ec99de441e6cd Mon Sep 17 00:00:00 2001 From: 46halbe <46halbe@berlin.ccc.de> Date: Thu, 7 Sep 2017 08:59:32 +0000 Subject: committing page revision 1 --- updates/2017/pc-wahl.en.md | 106 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 updates/2017/pc-wahl.en.md diff --git a/updates/2017/pc-wahl.en.md b/updates/2017/pc-wahl.en.md new file mode 100644 index 00000000..7c4955e7 --- /dev/null +++ b/updates/2017/pc-wahl.en.md @@ -0,0 +1,106 @@ +title: Software to capture votes in upcoming national election is insecure +date: 2017-09-07 03:11:00 +updated: 2017-09-07 08:59:32 +author: 46halbe +tags: update, pressemitteilung +previewimage: /images/LogoPC-wahl.jpg + +The Chaos Computer Club is publishing an analysis of software used for tabulating the German parliamentary elections (Bundestagswahl). The analysis shows a host of problems and security holes, to an extent where public trust in the correct tabulation of votes is at stake. Proof-of-concept attack tools against this software are published with source code. + + + +Hackers of the Chaos Computer Club (CCC) have studied a software package +used in many German states to capture, aggregate and tabulate the votes +during elections, to see if this software was secure against external +attack. The analysis showed a number of security problems and multiple +practicable attack scenarios. Some of these scenarios allow for the +changing of vote totals across electoral district and state boundaries. +„PC-Wahl“, the software in question, has been used to record, analyse +and present election data in national, state and municipal elections for +multiple decades. + +The result of this analysis is somewhat of a „total loss“ for the +software product. The CCC is publishing its findings in a report of more +than twenty pages. \[0\] The technical details and the software used to +exploit the weaknesses are published in a repository. \[1\] + +„Elementary principles of IT-security were not heeded to. The amount of +vulnerabilities and their severity exceeded our worst expectations“, +says Linus Neumann, a speaker for the CCC that was involved in the +study. + +A depressing finding of the study is that a state-funded team of hackers +is not even necessary to control the tabulation of the votes. The broken +software update mechanism of „PC-Wahl“ allows for one-click compromise. +Together with the lacking security of the update server, this makes +complete takeover quite feasible. Given the trivial nature of the +attacks, it would be prudent to assume that not only the CCC is aware of +these vulnerabilities. + +„A whole chain of serious flaws, from the update server, via the +software itself through to the election results to be exported allows +for us to demonstrate three practical attack scenarios in one“, Neumann +continues. + +The software can be used to record the result of the counting in a +polling station and to transmit the result to the municipality. The +local election authorities use the same software to aggregate the +results and transmit them to the state election authorities. In some +states „PC-Wahl“ is furthermore also used by the state election +authorities. + +The documented attacks have the potential to permanently impact public +trust in the democratic process – even in cases where an actual +manipulation would be discovered in hours or days. Whether an actual +manipulation is discovered at all depends on the procedures followed in +the various states – at this moment, and as a result of our findings, +these procedures are being changed. In the state of Hesse it is now +mandatory to verify every transmission using „PC-Wahl“ using some +independent channel. + +The attack scenarios shown, and the remarkably bad general state of this +software call into question the security of competing products used for +the same purpose. In the Netherlands, the Dutch version of another +product, IVU.elect, used in Germany, was tested by Sijmen Ruwhof. The +results were not pretty. \[2\] + +„It is simply not the right millenium to quietly ignore IT-security +problems in voting“, says Linus Neumann. „Effective protective measures +have been available for decades, there is no conceivable reason not to +use them.“ + +A government that prides itself on „Industry 4.0“ and „Crypto made in +Germany“ should promote and use software in the election process that +has publicly readable source code. \[3\] The election authorities should +not have become dependent on suppliers using programming and security +concepts from the past millenium, but instead should promote +transparency and security of election software by supporting new +developments and advancing the state of the art. The sad state of this +piece of election infrastructure is yet more evidence of problems in +goverment IT. The procedures for tendering software projects need to +change. + +The primary goal of the CCC security analysis was to raise any security +problems found with the authorities, reminding them of their +responsibilities. A brute manipulation of election results should be +harder now because of the raised awareness and changed procedures. For +the coming national elections of this year, this exposé should not +prevent anyone from going to the polls to have their vote count (and +watch the tallying in the evening)! + +**Links**: + +\[0\] Bericht: Analyse einer Wahlsoftware (German) + + +\[1\] Software Repository: PC-Wahl +Tools  + +\[2\] Sijmen +Ruwhof:  + +\[3\] „Prototype Fund“ for Open Source +Software:  + +\[4\] Logbuch:Netzpolitik +(German):  -- cgit v1.2.3