How safe are your votes? White hat hackers expose flaws in vote counting machines used in Germany
The Chaos Computer Club showed how easy it is to manipulate votes between candidates.
A hacking collective known as the Chaos Computer Club (CCC) have demonstrated how easy it is to not only hack into Germany's vote counting software, but also directly move votes between candidates.
The group has found a number of vulnerabilities in the software and published them for all to see. In a statement published on the CCC website, the club's spokesperson Linus Neumann said, "By infecting large-scale, we could have changed every single submitted result. It is simply not the right millennium to quietly ignore IT-security problems in voting."
The CCC added, "The analysis shows a host of problems and security holes, to an extent where public trust in the correct tabulation of votes is at stake."
This comes at a time when Germany is getting ready to go to the polls in a few weeks.
A software called PC-Wahl is reportedly used in preliminary elections in many German states and has been used by the government for decades, according to a Daily Beast report.
Neumann said that the CCC was able to carry out the hack by taking over the server that provides software updates to PC-Wahl and adding in a "malicious program" as part of the update, which could potentially manipulate every vote cast. He added that the software and the updates are authenticated properly.
It was reported that every time the software was used, it mandated an update. So it is possible to rapidly infect a large number of machines in one go if a hacker were to add the malicious code in.
Using updates to deliver malicious code, according to the report, is a fairly standard way to attack systems. There was one such incident where a Ukrainian financial software's update carried a ransomware and shut down several systems, including Maersk's – one of the world's largest shipping companies.
However, the makers of PC-Wahl have made a statement to German newspaper Der Spiegel, denying that their software is unsafe in any way, reports Sky News.
The CCC, on the other hand, said that the security flaws are so basic and "trivial" that any attack that needs be carried out will not really require too much expertise, skill, or even the backing of a state-sponsored organisation. The club also added that it is highly likely that the CCC is not the only one who is aware of these security weaknesses.
The ethical hacking collective has published a list of proof-of-concept attack tools to prove that what they are claiming is possible on their site, adding, "The result of this analysis is somewhat of a 'total loss' for the software product [PC- Wahl]."
Hackers attacking elections of countries became mainstream news after the alleged US election hacking claims that were laid against Russia last year.
But the hacks mentioned by the CCC are reported to be different from the ones that agencies say have affected 21 states in the US.
In Germany, there were reports in 2015 about attempts to influence general elections through IT systems, with blame being placed on the Kremlin.
© Copyright IBTimes 2024. All rights reserved.