When Germans go to the polls in their federal elections later this month, none of them will use computers to vote. It’s not legal in the country.
But computers are used to tabulate and transmit the results. And, with little more than a couple of weeks to go, the election may have just hit a snag.
Martin Tschirsich, a computer scientist from Darmstadt in Hessen, says he’s found major vulnerabilities in the code of software called PC-Wahl, or PC election.
On September 24, that software will be used to record the results in individual polling stations, transmit them to local election authorities, aggregate them and transmit them on to state election authorities. Some of those state authorities also use the software.
“The election is not secure,” Tschirsich told Zeit Online. “It can be hacked.”
What’s more, Tschirsich’s findings have been backed up by Germany’s venerable and highly-regarded Chaos Computer Club (CCC) white-hat hacker collective.
However, German officials argue it will not be possible for anyone to manipulate the results of the federal election, because urgent measures — partly prompted by these revelations — will keep everything secure.
The CCC published an analysis of PC-Wahl’s source code on Thursday, saying there were “a number of security problems and multiple practicable attack scenarios”, some of which could lead to vote totals being doctored.
Perhaps most worryingly, the group said PC-Wahl’s software-update mechanism has a flaw that enables a “one-click compromise”, obviating the need for state-sponsored actors to be involved. On top of that, the update server is apparently insecure.
“Elementary principles of IT-security were not heeded,” the CCC’s Linus Neumann said in a statement. “The amount of vulnerabilities and their severity exceeded our worst expectations.”
This security issues aren’t just a problem for the coming federal elections. The software has already been used for elections across all the German Länder, or states, as well as previous national and European elections. However, this month’s election is the main immediate concern.
“Preventing the possibilities of manipulation in the coming Bundestag election is my highest priority,” federal returning officer Dieter Sarreither said in a statement.
Sarreither’s office said it is aware of the problems raised by the researchers and has asked regional election authorities to take steps such as installing the latest PC-Wahl update, and authenticating the results sent electronically up the chain.
That process can mean making phone calls to ensure the figures received are the same as those sent, it said, adding that the security of the election was more important than the speediness of the tabulation.
“The federal returning officer calls on the responsible software vendor, vote-IT, to take the recommendations of the Federal Office for Information Security (BSI) into account when resolving existing weaknesses,” the statement continued, adding that precautionary measures will mean “a manipulation of the election result is excluded”.
“Whether an actual manipulation is discovered at all depends on the procedures followed in the various states — at this moment, and as a result of our findings, these procedures are being changed,” the CCC said, noting that Hessen now requires the verification of every PC-Wahl transmission.
The collective said the measures should make manipulation harder, but argued that the election authorities should rather be using open-source software.
“The sad state of this piece of election infrastructure is yet more evidence of problems in government IT,” it said. “The procedures for tendering software projects need to change.”
ZDNet has asked vote-IT to comment on the revelations but so far has not received a response.
PREVIOUS AND RELATED COVERAGE
Security experts warn lawmakers of election hacking risks
The hundred-plus security experts say many US states are “inadequately prepared” to deal with the rising cybersecurity risks of state and federal elections.
How security flaws in voting machines could discredit election results
Security experts say voting machines are easy to tamper with, and in several key battleground states ballots will be nearly impossible to verify.