Estonian electronic voting system vulnerable to attacks, researchers say

International research team finds insecure operational procedures and fundamental weaknesses in Estonian Internet voting system

The electronic voting system that has been used in Estonia since 2005 cannot guarantee fair elections because of fundamental security weaknesses and poor operational procedures, according to an international team of security and Internet voting researchers.

The analysis performed by the team's members, some of whom acted as observers during 2013 local elections in Estonia, revealed that sophisticated attackers, like those employed by nation states, could easily compromise the integrity of the country's Internet voting system and influence the election outcome, often without a trace.

The team chose to analyze the Estonian system because Estonia has one of the highest rates of Internet voting participation in the world -- over 21 percent of the total number of votes during the last local election were cast through the electronic voting system.

During their observation of the local elections and by later watching the procedural videos released by the Estonian election authority, the researchers identified a large number of poor security practices that ranged from election officials inputting sensitive passwords and PINs while being filmed to system administrators downloading critical applications over insecure connections and using personal computers to deploy servers and build the client software distributed to voters.

The researchers also used open-source code released by the Estonian government to replicate the electronic voting system in their laboratory and then devised several practical server-side and client-side attacks against it.

To use the Estonian system, voters insert their electronic national ID card into a card reader attached to their computers and use the PINs associated with their ID cards to cast their votes through a special application. The researchers developed malware that can record the PIN numbers and later change the votes while the ID cards are attached to voters' computer for different operations.

The malware can be deployed in different ways, including through online exploits, through existing infections or through man-in-the-middle attacks during the download process. Attackers could also maliciously alter the voting software itself during the build process, if it's created on a personal computer instead of in a controlled environment, the researchers said Monday during a press conference about their findings in Tallinn, Estonia.

The system uses a vote confirmation procedure based on QR codes than need to be scanned by users with their mobile phones after casting their votes. However, a compromised voting application can potentially alter votes and QR codes in real time, meaning this additional verification system can't protect users from sophisticated attackers, the researchers said.

Such false verification attacks have been used in the real world against online banking users, so they're not just theoretical and could easily be applied to Internet voting, they said.

To compromise the electronic voting servers, attackers could either exploit vulnerabilities over the Internet or could target the people responsible for deploying the servers by first infecting their computers and then altering the server software. Because of the lack of security checks and control, a malicious insider could also carry out such attacks, the researchers said.

The research team included J. Alex Halderman, a computer science professor at the University of Michigan who studied electronic voting systems in different countries around the world; Maggie MacAlpine, an advisor on post-election audits in the U.S.; Harri Hursti, a Finnish independent security researcher known for previously demonstrating a successful attack against a Diebold voting machine; Jason Kitcat, who previously led an investigation into electronic voting in the UK for the Open Rights Group, a digital rights organization; and Travis Finkenauer and Drew Springall, two PhD students at the University of Michigan.

"There are so many attack vectors by which you could dirty the machines used to set up the elections that we believe this to be a very credible and viable attack; and we have photographic evidence on our website showing a personal computer with links to poker sites being used to set up the critical election systems [in Estonia]," Kitcat said.

The Estonian election officials should improve their operational procedures, but "we've also shown fundamental flaws in the architecture of the system, which means that we can steal votes remotely from voters' computers and those flaws cannot be fixed quickly or easily," he said.

The researchers said they notified the Estonian National Electoral Committee, as well as political parties, academics and media organizations in Estonia of their findings at the same time on Saturday. The research was presented in greater detail Monday during a press conference and a full report will be made available on a website that also contains other supporting material, including videos and photos.

The Estonian National Electoral Committee declined to comment until it reviews the full report.

The researchers believe the Estonian Internet voting system should be discontinued before the upcoming European Parliament elections on May 25. More generally they believe that building a secure and accurate electronic voting system is not possible with the current technology when taking sophisticated attackers like nation states into consideration.

Join the PC World newsletter!

Error: Please check your email address.

Tags intrusionGovernment use of ITe-votingsecurityAccess control and authenticationgovernmentExploits / vulnerabilitiesdata protectionfraud

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?