Experts Warn of Online Voting Security Issues

Friday, March 30, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

The Washington Times reports that cyber security experts are warning election officials that the deployment and use of online voting technologies presents a serious risk to election integrity.

“It is premature to deploy Internet voting in real elections at this time,” DHS senior cybersecurity adviser Bruce McConnell warned state and local election officials.

Chief among the concerns is that election tampering may be able to go undetected even in the course of a forensics investigation.

“Election officials who run and pursue online voting programs must understand that they are putting voters’ ballots at risk of being altered or deleted without anyone realizing it,” said Susannah Goodman of the Election Verification Network.

In early March,  a University of Michigan research team has published a report outlining the successful hack of a prototype online voting system.

The researchers were able to not only infiltrate the systems for the project, but also demonstrated the ability to alter vote counts and access sensitive ballot information.

The University of Michigan research team was invited to participate in trial runs of the new system in an effort to identify security vulnerabilities that could make the networks susceptible to manipulation.

"Our objective was to approach the system as real attackers would: starting from publicly available information, we looked for weaknesses that would allow us to seize control, unmask secret ballots, and alter the outcome of the mock election," the researchers stated.

The team was able to identify and exploit multiple weaknesses in the open source architecture, including a known flaw in the Linux kernel protocol, as well as being able to circumvent the system's encryption.

"Within 48 hours of the system going live, we had gained near complete control of the election server. We successfully changed every vote and revealed almost every secret ballot... Election officials did not detect our intrusion for nearly two business days—and might have remained unaware for far longer had we not deliberately left a prominent clue," the report notes.

The Election Verification Network indicated that currently thirty-three states have provisions that allow for the transmission of ballot information via the Internet, but the practice is limited mostly to overseas, military and absentee ballots.

Possibly Related Articles:
7082
Network->General
Elections voting Vulnerabilities internet Exploits Headlines Security hackers Online Election Verification Network
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.