IT experts from abroad have re-discovered a security vulnerability in the E-Voting System of the Post. The canadian security specialist Sarah Jamie Lewis and her Team have found out that votes cast for void, without the System reports a tamper. Thus could go unnoticed votes, manipulate, and write.
The researchers have informed the Post about the gap. The company reports that it is currently to clarify it, “the facts of the case in Detail”. It is confirmed that the security gap is to make individual votes cast invalid. According to the Post this would be but noted “in any case, in the decryption and counting, because the E-Voting System of the Post allows it, in principle, invalid votes”. Therefore it can be excluded that with the scenario of unnoticed voices changed or elections can be manipulated.
However, the Post is now working to correct the error. We stand by this with the technology partner Scytl in contact, writes the Post on request of a VIEW.
Yesterday, the Test
ended The Post had the source code of their E-Voting system for a month by hackers. The so-called intrusion test, for the over 3000 IT had signed up Cracks that ran until last Sunday. It is a requirement of the Federal government and the cantons, before the E-Voting System may be used.
Until today, at midnight, the participants still have time, discovered to report security vulnerabilities. As soon as the Post office has analysed, will inform you about the final result of the intrusion test. The source code remains even after the Test, accessible to the public.
the First vulnerability was even known
two weeks Ago, the canadian IT expert, Lewis and her Team have already discovered a critical bug in the Post System, which allows it to manipulate votes go unnoticed. It came out that the Post had knew about the gap since 2017 notice and the order given to fill this. But the with the job entrusted a technology partner did not complete. The Post stressed that the vulnerability relates to the E-Voting-Sytem which is already used in several cantons.
The canadian security expert Lewis is not a registered hackers, but has worked with a leaked Version of the source code. You and your Team have, therefore, not entitled to the premium of a maximum of 50’000 Swiss francs, promised in the Post hackers that find a critical bug.
E-Voting opponents see the
confirmed The second vulnerability, which is now known, is water on the mills of the E-Voting skeptics. Since March, collect signatures for an Initiative calling for a Moratorium on electronic voting. The President of the initiative Committee, SVP national councillor Franz Grüter (55), looks his fears in the most recently publicized made errors in the E-Voting System confirmed: “Now is the time that the Federal Chancellery decreed a March.”
“The Post can not have a serious feeling that this System of elections and votes,” says Grüter. “Serious security gaps in E-Voting going into the bone marrow of our democracy.” He trusts neither the source code of the Post to the test procedure: The Test give no guarantee that the System won’t let manipulate. “This intrusion test is a Farce.”