A hacker claims to have discovered an important weakness in canton Geneva’s e-voting system to attacks that could redirect online voters to malicious websites. The canton says it is aware of the issue and introduced countermeasures years ago. Last week, Volker Birk of the Chaos Computer Club Switzerland said he had discovered that the Geneva online voting system – the biggest in Switzerland – uses an insecure procedure to protect its web address. Birk told Swiss public television, SRF, that it took only a few minutes to discover the system’s weakness to so-called DNS cache poisoning – an attack that exploits vulnerabilities in the domain name to divert internet traffic away from legitimate servers and towards fake ones. He added that the problem had been known for decades. In a public statement on Saturdayexternal link, canton Geneva said it had been informed by SRF about the fake site, which it admitted “did not allow people to vote electronically”.
The statement pointed out that Geneva’s e-voting system had never been compromised “either in terms of reliability or security”.
The canton told SRF in a written reply thatexternal link it had been aware of the issue for some time and that countermeasures were put in place in 2003 and strengthened in 2015.
“No anomalies have been observed in the e-voting process to date. Ongoing surveillance continues during each vote,” it stated.