New South Wales, Australia, is holding state elections this month, and they’re offering a new Internet voting system developed by e-voting vendor Scytl and the NSW Electoral Commission. The iVote system, which its creators describe as private, secure and verifiable, is predicted to see record turnout for online voting. Voting has been happening for six days, and already iVote has received more than 66,000 votes. Up to a quarter million voters (about 5% of the total) are expected to use the system by the time voting closes next Saturday. Since we’ve both done extensive research on the design and analysis of Internet voting systems, we decided to perform an independent security review of iVote. We’ll prepare a more extensive technical report after the election, but we’re writing today to share news about critical vulnerabilities we found that have put tens of thousands of votes at risk. We discovered a major security hole allowing a man-in-the middle attacker to read and manipulate votes. We also believe there are ways to circumvent the verification mechanism.
iVote allows voters to register and cast their votes using websites managed by the Electoral Commission. Upon registration, voters are given an 8-digit iVote ID number and asked to choose a 6-digit PIN. These allow them to log in to an online voting application implemented with JavaScript and HTML. After casting their vote, they receive a 12-digit receipt number. Optionally, the voter can call a telephone verification service and enter their receipt number to hear an automated system read their vote back to them.
The Electoral Commission has not published any of the source code for the election servers, but they have made available a practise voting site that uses substantially the same client-side code as the real voting site. We investigated the system by reviewing hundreds of pages of design documents and studying the client-side code of the practise site and the login screen of the real voting site.
Full Article: Security flaw in New South Wales puts thousands of online votes at risk.