E-voting.The swiss broadcasting corporation shows how a hacker can very easily access the votes of the citizens.
The security of e-voting in Geneva is again in doubt. In march 2015, a journalist of the RTS had shown how he had been able to vote electronically on two occasions. This time, the alert is given by the swiss broadcasting corporation SRF. The latter has proven that a hacker could very easily access the votes of the citizens.
The “Chaos computer club”, an organization of hackers, which brings together about 8000 members in Europe, has indeed shown how a simple manipulation diverts the user to the official website and directed to a similar site. This fake site allows you to see the vote of the user. According to the hacker Volkler Birk, quoted by the RTS, this fault shows that “the canton of Geneva has forgotten to protect against a computer attack that dates back more than twenty years.”
Due to the magnitude of the revelation, the Chancellery of the Canton of Geneva has responded on Saturday morning, through a press release. It indicates that it has been informed by the SRF of the existence of an infringing site the official site to vote. It indicates you notice the author of the site of the close. While recognizing the flaw, it is meant to be reassuring. “It is clear that this site is fake does not vote.” Furthermore, “at no time the proper operation of electronic voting has been compromised both in terms of reliability and security.”
The chancellor then pointed out the safety instructions. To be sure that his vote is not visible by others, the user must manually enter the address indicated on the voting card https://www.evote-ch.ch without looking up the email address on the search engines, the browsing history or the social networks. The citizen must then verify the certificate thumbprint of the certificate printed on the voting card, by following the procedure specified under the input field of the voting card number on the identification page. Finally, it must check that the verification code sent by the system correspond to codes received with the voting material on the check page. The Chancellery invited to contact the helpdesk in case of any doubts or difficulties.
This response is sufficient to overcome the doubts about the security of electronic voting? The rift update allows for time to consult the votes of the citizens. But according to the head of competence centre on e-voting, on being questioned by the SRF, manipulation of votes would be possible “if someone were to do that the user publishes his or her credentials.”