German election software can be hacked by novices, claims hacker group

Barely weeks before Germany’s upcoming federal elections, hackers have detected serious flaws in election software that can be exploited by a moderately skilled hacker.

Germany’s election software can be hacked and modified to change vote totals across electoral district and state boundaries.

Chaos Computer Club, a German hackers’ collective, has said that it observed a “host of problems and security holes” in election software that will be used for recording and tallying votes during the upcoming federal elections. The vulnerable PC-Wahl software has been used in Germany’s national, state and municipal elections for decades and will be used again on 24th September.

“The analysis showed a number of security problems and multiple practicable attack scenarios. Some of these scenarios allow for the changing of vote totals across electoral district and state boundaries,” said Chaos Computer Club in a statement.

Even though the German Federal Court has declared usage of electoral machines unconstitutional, the PC-Wahl software is still in use as it helps in the organization, recording, and evaluation of elections. However, if manipulated by a hacker, the software has the power to influence the ultimate outcome. This may not be good news for Angela Merkel, who is seeking re-election to a fourth term as Chancellor and is not exactly a Kremlin favourite.

According to Chaos Computer Club, PC-Wahl can be configured to manipulate the results in several electoral districts at the same time. However, if a hacker is more proficient, he can use it to manipulate the results in several Federal States at the same time.

The vulnerable software can be used to manipulate the final result and also to control the votes cast by citizens. While the vulnerability is a serious concern, what is worrying is the fact that the election software can be hacked into so easily.

During their analysis, the hackers observed that the PC-Wahl software contains several different, apparently self-developed symmetric “encryption routines” which are used to protect software updates against tampering and to upload critical passwords.

Given that all information necessary for decryption is included in the programme code itself, a hacker can easily extract it and re-implement the routines. The hacker can also read ‘encrypted’ passwords in the .INI files and use them to manipulate election results. What’s worse, a hacker can install a malicious patch in the software and use the modified variant to manipulate official results.

In all, the hacker consortium identified several flaws, including inadequate protection of the server used for distribution and operation of the software, lack of encryption and signature of the transmitted results, inadequate encryption of login information, and lack of authentication and fingerprinting in the software and its updates.
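Why a secret shipped inside the program cannot protect updates, while a public-key signature can, shown as an added example that is not PC-Wahl's code or the CCC's. HMAC-SHA256 stands in for the self-developed symmetric routines, and every name and value in it is hypothetical or constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// embeddedKey stands in for a secret compiled into the shipped program
// (constructed value). Anyone who holds the program holds this key too.
var embeddedKey = []byte("constructed-demo-key")

// tagWithEmbeddedKey is the weak scheme: one key both creates and checks the tag.
func tagWithEmbeddedKey(update []byte) []byte {
	m := hmac.New(sha256.New, embeddedKey)
	m.Write(update)
	return m.Sum(nil)
}

// verifyWithEmbeddedKey accepts any update whose tag was made with embeddedKey.
func verifyWithEmbeddedKey(update, tag []byte) bool {
	return hmac.Equal(tagWithEmbeddedKey(update), tag)
}

// verifySigned is the hardened scheme: the client ships only the public key,
// so holding the program does not let anyone produce a valid signature.
func verifySigned(pub ed25519.PublicKey, update, sig []byte) bool {
	return ed25519.Verify(pub, update, sig)
}

// demo returns: weak check accepts altered update, signature check accepts
// the original, signature check accepts the altered update.
func demo() (bool, bool, bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // priv stays with the vendor
	if err != nil {
		panic(err)
	}
	original := []byte("update v1 (constructed sample)")
	altered := []byte("update v1 (constructed sample, altered)")
	sig := ed25519.Sign(priv, original)
	altTag := tagWithEmbeddedKey(altered) // computable by anyone with the program
	return verifyWithEmbeddedKey(altered, altTag), verifySigned(pub, original, sig), verifySigned(pub, altered, sig)
}

func main() {
	fmt.Println(demo())
}
```

The weak check accepts the altered update because its key is not secret; the signature check rejects it because only the vendor's private key, which never ships, can sign.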

The consortium also confirmed that following their analysis, Vote-IT, the manufacturer of the said software, has introduced new patches to remove vulnerabilities in servers and has also taken other steps to ensure the software remains safe from malicious hackers.

According to Frank Rieger, a spokesman for the Chaos Computer Club, the consortium began its analysis after an independent security researcher had raised questions about problems with PC-Wahl.

He told CNN that the CCC has called on the government to “promote and use software in the election process that has a publicly readable source code,” so that security flaws can be found and resolved more quickly, and to support the development of new, state-of-the-art election software.

Copyright Lyonsdown Limited 2021
