Sign In

Communications of the ACM

ACM TechNews

Estonian Electronic Voting System Vulnerable to Attacks, Researchers Say

View as: Print Mobile App Share:
An electronic voting system with ID card security.

An international team of security and Internet voting specialists has found Estonia's electronic voting system is unable to guarantee fair elections in that country.

Credit: Jim Ruymens/Reuters

Estonia's electronic voting system cannot guarantee fair elections because of fundamental security weaknesses and poor operations procedures, according to an international team of security and Internet voting experts.

During their analysis, the researchers identified a large number of poor security practices that ranged from election officials entering sensitive passwords and PINs while being filmed to system administrators downloading critical applications over insecure connections and using personal computers to deploy servers and build the client software distributed to votes.

In addition, the researchers used open source code to replicate the electronic voting system and created several practical server-side and client-side attacks against it. The researchers also developed malware that can record PIN numbers and later change votes while ID cards are attached to voters' computers for different operations.

"There are so many attack vectors by which you could dirty the machines used to set up the elections that we believe this to be a very credible and viable attack; and we have photographic evidence on our website showing a personal computer with links to poker sites being used to set up the critical election systems [in Estonia]," says Open Rights Group researcher Jason Kitcat.

From IDG News Service
View Full Article


Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account