How internet voting can go wrong
News from America:
Small coding mistake led to big Internet voting system failure
The main security weakness that let University of Michigan researchers take control over a planned city of Washington, D.C. Internet voting system pilot for overseas voters in 2010 was “a tiny oversight in a single line of code,” …
It’s evidence, say the researchers – led by Assistant Professor J. Alex Halderman – that Internet voting should be postponed until, when or if major new breakthroughs in cybersecurity occur. Mistakes like the one they exploited are all too common, hard to eradicate, and indicative of a brittleness in web applications, they say. Seemingly trivial errors can result in attackers gaining system dominance – and in the case of an internet voting system, controlling the outcome of an election.
Responding to a call by Washington, D.C., election officials for outsiders with no previous access to test system security, Halderman and his students penetrated the pilot system within 48 hours of it going online. Their successful attack went undetected for another 36 hours.
Quite how it was then detected is rather an amusing musical tale, as you can read in the full story.
A reminder, again, of why electronic voting is a bad idea.
Leave a Reply