Don't miss

Replay


LATEST SHOWS

MEDIAWATCH

Spain 'goes nuclear' on Catalonia

Read more

THE INTERVIEW

Civil rights leader Al Sharpton says Trump 'channels' racism

Read more

THE DEBATE

Moment of truth: Spain sets in motion direct rule over Catalonia

Read more

PEOPLE & PROFIT

Must it come down? Market analysts bracing for correction

Read more

FOCUS

Italian regions of Lombardy and Veneto to vote on autonomy

Read more

THE POLITICAL BRIEF

France considers tough new laws to crack down on sexual harassment

Read more

ENCORE!

Inside the new Yves Saint Laurent museum in Morocco

Read more

INSIDE THE AMERICAS

California: When your home is reduced to ashes

Read more

FRENCH CONNECTIONS

#balancetonporc: Sexual harassment and gender inequality in France

Read more

Europe

Vulnerabilities discovered in German electoral system

© John MacDougall, AFP | Le Chaos Computer Club discovered flaws in software used in German elections.

Text by Sébastian SEIBT

Latest update : 2017-09-09

The Chaos Computer Club (CCC), a group of German hackers, is warning that there are major flaws in software that will be essential to the vote count in Germany's September 24 legislative elections.

The CCC said on Tuesday that hackers could destabilise the German general election if the choice of 61.5 million Germans who will cast their ballots on September 24, to either re-elect Chancellor Angela Merkel or replace her, is not respected.

The CCC published a report online giving details as to how the election could be hijacked. While electronic voting is illegal in Germany, results are transmitted to the electoral commission electronically. It is there that the vulnerabilities lie. The software used in much of the country to send the votes to the Federal Election Commission is not secure, the CCC said. And the weakness is so obvious that it was discovered easily by a 29-year-old computer scientist.

PC-Wahl in the crosshairs

The program used to send results, PC-Wahl, doesn’t adhere to "the basic principles of computer security, and the number of vulnerabilities discovered far surpass our worst fears," said Linus Neumann, spokesman for Berlin-based CCC. The weakness comes from the lack of an electronic signature on the data that is sent that proves that it is genuine. Without that, hackers could intercept the results and modify them.

And the passwords for accessing the PC-Wahl interface are not hard to find. For starters, the same ID is valid for multiple municipalities. "It is like a hotel where all the doors are closed, but where the same key opens them all," Neumann said.

The PC-Wahl software can also be easily modified. The program updates automatically on a regular basis, but the updates aren’t well-protected from hackers. A cybercriminal could fairly easily swap an official update with a version that would allow him or her to control the software.

Insufficient improvements

The defects were discovered at the beginning of the summer and the manufacturer of PC-Wahl was quickly alerted. Several modifications later, the Chaos Computer Club is still not satisfied with the results. The improvements made "do not stand up to even superficial security tests", the report notes.

In an interview with the weekly Die Zeit, the manufacturer of PC-Wahl defended itself by stating that "even in cases of piracy, the final result of the vote will be legitimate because there is always the paper trail for verification." The CCC and the computer scientist who made the original discovery acknowledge that if there is the slightest doubt, the electoral commission will be able to verify the results against the paper ballots.

But the CCC contends that the flaws that still exist in the software might cast suspicion on the election results, which "weakens the democratic process," Neumann said. Some authorities have taken note. In Hesse, the head of the electoral commission asked local election officials to compare the results that will be published online on the evening of the election with those they sent in. And national authorities are now working with the makers of PC-Wahl to make sure the software is as secure as possible come election day.

Date created : 2017-09-09

  • GERMANY - TURKEY

    Another vote, another wrangle between Germany and Turkey

    Read more

  • GERMANY

    Merkel leads as rival Schulz fails to make inroads in key debate

    Read more

  • GERMANY

    Merkel starts Germany's 'strangest' election campaign

    Read more

COMMENT(S)