An international group of researchers who have been examining the source code for an internet voting system that Switzerland plans to roll out this year have found a critical flaw in the code that would allow someone to alter votes without detection. New submitter eatmorekix shares a report: The cryptographic backdoor exists in a part of the system that is supposed to verify that all of the ballots and votes counted in an election are the same ones that voters cast. But the flaw could allow someone to swap out all of the legitimate ballots and replace them with fraudulent ones, all without detection. “The vulnerability is astonishing,” said Matthew Green, who teaches cryptography at Johns Hopkins University and did not do the research but read the researchers’ report. “In normal elections, there is no single person who could undetectably defraud the entire election. But in this system they built, there is a party who could do that.”
The researchers provided their findings last week to Swiss Post, the country’s national postal service, which developed the system with the Barcelona-based company Scytl. Swiss Post said in a statement the researchers provided Motherboard and that the Swiss Post plans to publish online on Tuesday, that the researchers were correct in their findings and that it had asked Scytl to fix the issue. It also downplayed the vulnerability, however, saying that to exploit it, an attacker would need control over Swiss Postâ(TM)s secured IT infrastructure “as well as help from several insiders with specialist knowledge of Swiss Post or the cantons.”
of this story at Slashdot.
Source:: Slashdot