A cryptographic trap door could let someone change votes cast using Switzerland’s online sVote system without being detected, according to a new paper.
Verification: The specific issue is the way the system receives and counts votes before shuffling them and anonymizing voter details (everyone provides a birth date and an initialization code). Once they’ve been shuffled, the votes are counted and then decrypted. The trap door means someone could switch all the legitimately cast ballots for fraudulent ones, undetected.
A recommendation: The Swiss government should immediately halt plans to implement the system more widely, one of the authors said. However, there are ramifications way beyond Switzerland, which had hoped to make online voting an option nationwide for elections in October. A bug bounty program to test the system’s resilience was launched last month.
A wider issue: The software vendor, Scytl, provides electronic voting services to over 35 countries, including the United States. It says it’s working to fix the flaw, but the fact that it managed to creep into the system in the first place is worrying. And researchers say they’ve still only tested a fraction of the code base. It’s one of many issues uncovered with online and electronic voting.
Sign up here to our daily newsletter The Download to get your dose of the latest must-read news from the world of emerging tech.
Russia hacked an American satellite company one hour before the Ukraine invasion
The attack on Viasat showcases cyber’s emerging role in modern warfare.
Chinese hackers exploited years-old software flaws to break into telecom giants
A multi-year hacking campaign shows how dangerous old flaws can linger for years.
Transforming the automotive supply chain for the 21st century
Cloud-based tech solutions are helping manufacturers manage a new ecosystem of suppliers with greater agility and resilience.
How censoring China’s open-source coders might backfire
Many suspect the Chinese state has forced Gitee, the Chinese competitor to GitHub, to censor open-source code in a move developers worry could obstruct innovation.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.