diff options
| author | 46halbe <46halbe@berlin.ccc.de> | 2017-09-07 08:59:32 +0000 | 
|---|---|---|
| committer | 46halbe <46halbe@berlin.ccc.de> | 2020-05-23 13:40:04 +0000 | 
| commit | d0506094dc274d65ee189e7ef82ec99de441e6cd (patch) | |
| tree | 9a277844591e3c2b7b01d939f8d59b45cc228a88 | |
| parent | 001961f2ae63dbcfae6475ec42bd46bd6a34d450 (diff) | |
committing page revision 1
| -rw-r--r-- | updates/2017/pc-wahl.en.md | 106 | 
1 files changed, 106 insertions, 0 deletions
| diff --git a/updates/2017/pc-wahl.en.md b/updates/2017/pc-wahl.en.md new file mode 100644 index 00000000..7c4955e7 --- /dev/null +++ b/updates/2017/pc-wahl.en.md | |||
| @@ -0,0 +1,106 @@ | |||
| 1 | title: Software to capture votes in upcoming national election is insecure | ||
| 2 | date: 2017-09-07 03:11:00 | ||
| 3 | updated: 2017-09-07 08:59:32 | ||
| 4 | author: 46halbe | ||
| 5 | tags: update, pressemitteilung | ||
| 6 | previewimage: /images/LogoPC-wahl.jpg | ||
| 7 | |||
| 8 | The Chaos Computer Club is publishing an analysis of software used for tabulating the German parliamentary elections (Bundestagswahl). The analysis shows a host of problems and security holes, to an extent where public trust in the correct tabulation of votes is at stake. Proof-of-concept attack tools against this software are published with source code. | ||
| 9 | |||
| 10 | <!-- TEASER_END --> | ||
| 11 | |||
| 12 | Hackers of the Chaos Computer Club (CCC) have studied a software package | ||
| 13 | used in many German states to capture, aggregate and tabulate the votes | ||
| 14 | during elections, to see if this software was secure against external | ||
| 15 | attack. The analysis showed a number of security problems and multiple | ||
| 16 | practicable attack scenarios. Some of these scenarios allow for the | ||
| 17 | changing of vote totals across electoral district and state boundaries. | ||
| 18 | „PC-Wahl“, the software in question, has been used to record, analyse | ||
| 19 | and present election data in national, state and municipal elections for | ||
| 20 | multiple decades. | ||
| 21 | |||
| 22 | The result of this analysis is somewhat of a „total loss“ for the | ||
| 23 | software product. The CCC is publishing its findings in a report of more | ||
| 24 | than twenty pages. \[0\] The technical details and the software used to | ||
| 25 | exploit the weaknesses are published in a repository. \[1\] | ||
| 26 | |||
| 27 | „Elementary principles of IT-security were not heeded to. The amount of | ||
| 28 | vulnerabilities and their severity exceeded our worst expectations“, | ||
| 29 | says Linus Neumann, a speaker for the CCC that was involved in the | ||
| 30 | study. | ||
| 31 | |||
| 32 | A depressing finding of the study is that a state-funded team of hackers | ||
| 33 | is not even necessary to control the tabulation of the votes. The broken | ||
| 34 | software update mechanism of „PC-Wahl“ allows for one-click compromise. | ||
| 35 | Together with the lacking security of the update server, this makes | ||
| 36 | complete takeover quite feasible. Given the trivial nature of the | ||
| 37 | attacks, it would be prudent to assume that not only the CCC is aware of | ||
| 38 | these vulnerabilities. | ||
| 39 | |||
| 40 | „A whole chain of serious flaws, from the update server, via the | ||
| 41 | software itself through to the election results to be exported allows | ||
| 42 | for us to demonstrate three practical attack scenarios in one“, Neumann | ||
| 43 | continues. | ||
| 44 | |||
| 45 | The software can be used to record the result of the counting in a | ||
| 46 | polling station and to transmit the result to the municipality. The | ||
| 47 | local election authorities use the same software to aggregate the | ||
| 48 | results and transmit them to the state election authorities. In some | ||
| 49 | states „PC-Wahl“ is furthermore also used by the state election | ||
| 50 | authorities. | ||
| 51 | |||
| 52 | The documented attacks have the potential to permanently impact public | ||
| 53 | trust in the democratic process – even in cases where an actual | ||
| 54 | manipulation would be discovered in hours or days. Whether an actual | ||
| 55 | manipulation is discovered at all depends on the procedures followed in | ||
| 56 | the various states – at this moment, and as a result of our findings, | ||
| 57 | these procedures are being changed. In the state of Hesse it is now | ||
| 58 | mandatory to verify every transmission using „PC-Wahl“ using some | ||
| 59 | independent channel. | ||
| 60 | |||
| 61 | The attack scenarios shown, and the remarkably bad general state of this | ||
| 62 | software call into question the security of competing products used for | ||
| 63 | the same purpose. In the Netherlands, the Dutch version of another | ||
| 64 | product, IVU.elect, used in Germany, was tested by Sijmen Ruwhof. The | ||
| 65 | results were not pretty. \[2\] | ||
| 66 | |||
| 67 | „It is simply not the right millenium to quietly ignore IT-security | ||
| 68 | problems in voting“, says Linus Neumann. „Effective protective measures | ||
| 69 | have been available for decades, there is no conceivable reason not to | ||
| 70 | use them.“ | ||
| 71 | |||
| 72 | A government that prides itself on „Industry 4.0“ and „Crypto made in | ||
| 73 | Germany“ should promote and use software in the election process that | ||
| 74 | has publicly readable source code. \[3\] The election authorities should | ||
| 75 | not have become dependent on suppliers using programming and security | ||
| 76 | concepts from the past millenium, but instead should promote | ||
| 77 | transparency and security of election software by supporting new | ||
| 78 | developments and advancing the state of the art. The sad state of this | ||
| 79 | piece of election infrastructure is yet more evidence of problems in | ||
| 80 | goverment IT. The procedures for tendering software projects need to | ||
| 81 | change. | ||
| 82 | |||
| 83 | The primary goal of the CCC security analysis was to raise any security | ||
| 84 | problems found with the authorities, reminding them of their | ||
| 85 | responsibilities. A brute manipulation of election results should be | ||
| 86 | harder now because of the raised awareness and changed procedures. For | ||
| 87 | the coming national elections of this year, this exposé should not | ||
| 88 | prevent anyone from going to the polls to have their vote count (and | ||
| 89 | watch the tallying in the evening)! | ||
| 90 | |||
| 91 | **Links**: | ||
| 92 | |||
| 93 | \[0\] Bericht: Analyse einer Wahlsoftware (German) | ||
| 94 | <https://ccc.de/system/uploads/230/original/PC-Wahl_Bericht_CCC.pdf> | ||
| 95 | |||
| 96 | \[1\] Software Repository: PC-Wahl | ||
| 97 | Tools <https://github.com/devio/Walruss> | ||
| 98 | |||
| 99 | \[2\] Sijmen | ||
| 100 | Ruwhof: <https://sijmen.ruwhof.net/weblog/1166-how-to-hack-the-upcoming-dutch-elections> | ||
| 101 | |||
| 102 | \[3\] „Prototype Fund“ for Open Source | ||
| 103 | Software: <https://prototypefund.de/> | ||
| 104 | |||
| 105 | \[4\] Logbuch:Netzpolitik | ||
| 106 | (German): <https://logbuch-netzpolitik.de/lnp228-interessierte-buerger> | ||
