Home » Gadgets » PC choice: German election software is extremely uncertain

PC choice: German election software is extremely uncertain

Thursday, September 7th, 2017 | Gadgets

According to an opinion of the CCC, a software used in Germany to transmit the election results has numerous security gaps which would allow manipulation of the results transmission [Analyse als PDF]. Zeitonline had first reported on the report.

The software PC choice, which is used by the overwhelming majority of municipalities, does not include numerous established security procedures in its current version. Several service providers published passwords for FTP servers. These were partly contained in published manuals or badly obfuscated in test archives.
On the server of the manufacturer, the script PHP Obfuscator succeeded in the representation of the CCC also extracted any files from the server, even if they were not actually publicly visible. With the access data to the FTP servers, tampered versions of the program could have been distributed because no effective authentication of the software was provided during the installation. With other PHP scripts it was possible to write any files "into the Webroot". Meanwhile, corresponding scripts are no longer accepted.
Unencrypted transmission of results
Also the transfer of the voices entered in the local polling stations was unfortunately unencrypted and without integrity check of the data. There is obviously a way to encrypt the data via AES, but the option does not seem to be activated by default.

With an update the manufacturer wants to sign the data in the future before sending by GPG. However, the implementation of the function, according to the CCC, had problems again, because the used passwords can be read out. Even the stored and transmitted passwords are not likely to be safe – because symmetrical encryption methods are still used, which could not guarantee lasting security.
Even if no electoral computers are used in Germany, the number of votes cast could be manipulated during transmission. This applies in particular to the live results transmitted in some of the Länder in the Internet. After all, there are paper copies of the ballot papers, so that manual verification is possible at any time. In Venezuela, however, electoral computers could help to reveal a manipulation.
In principle, the CCC demands that the functionality of the software be independently checked. In addition, untimely software must be newly developed and independently audited, taking into account current requirements.

Related

Turkish community criticizes: "Germ

The Turkish community in Germany criticized the new attitude of the federal government

Sinead O'connor Black Boy On Moped Lyric

Sinead O'connor Black Boy On Moped Lyrics Sinead O'connor Black Boy On Moped

Rihanna Close To You Lyrics

Rihanna Close To You Lyrics Rihanna Close To You Lyrics Vlogs Wiggle-Jason derulo

Armed man after shooting in Saxony on th

A police officer discovers a man sought with arrest warrant and beats alarm.