In the aftermath of the 2 July federal election, Prime Minister Malcolm Turnbull and opposition leader Bill Shorten both indicated support for the potential use of eVoting to avoid drawn-out post-election ballot counting. However, the eVoting platform used in Australia’s most populous state — New South Wales’ iVote system — has again come under fire. The iVote system supports telephone and Internet-based voting in the state. The current version of iVote was produced by Scytl in partnership with the NSW Electoral Commission (NSWEC) and used in the 2015 state election. The robustness, privacy and verification method of the system have been questioned by two university researchers, one of whom was previously instrumental in uncovering a security vulnerability in iVote.
NSW parliament’s Joint Standing Committee on Electoral Matters is currently conducting an inquiry into the 2015 state election. At a hearing on Friday, academics Dr Vanessa Teague from the University of Melbourne and Professor Rajeev Goré from ANU appeared before the committee to offer a less-than-flattering analysis of the iVote system.
In 2015, Teague and Dr Alex Halderman from the University of Michigan uncovered a security vulnerability in iVote that could potentially be exploited to stage man-in-the-middle attacks to subvert votes.
Teague told Friday’s hearing: “We found a serious security hole that exposed the browsing session both to an attack called the FREAK attack and another attack called the Logjam attack. Both of which involved intercepting code on its way from a third party service into the voter’s browsing session, both of which allowed an Internet-based man-in-the-middle attacker to subvert the voter session entirely, expose how the person intended to vote, and send in a different vote back to the electoral commission.”
Full Article: NSW’s eVoting system under fire – Computerworld.