Don't miss

Replay


LATEST SHOWS

IN THE PAPERS

US decides to 'let corporate greed run the internet'

Read more

IN THE PAPERS

Marine Le Pen's former right-hand man plans his political rebirth

Read more

THE INTERVIEW

Ex-minister Tzipi Livni calls for Israeli settlement freeze

Read more

THE DEBATE

May overruled: Brexit momentum thwarted by Tory rebellion

Read more

EYE ON AFRICA

Somalia's Shabaab kill 18 policemen in academy bombing

Read more

MEDIAWATCH

Tabloid rage over MPs' Brexit vote

Read more

EYE ON AFRICA

Saudi Arabia and UAE pledge €110.5 million for G5 Sahel joint force

Read more

BUSINESS DAILY

FCC votes against net neutrality

Read more

THE POLITICAL BRIEF

One Planet Summit: How France's Macron became 'Mister Climate'

Read more

Europe

Vulnerabilities discovered in German electoral system

© John MacDougall, AFP | Le Chaos Computer Club discovered flaws in software used in German elections.

Text by Sébastian SEIBT

Latest update : 2017-09-09

The Chaos Computer Club (CCC), a group of German hackers, is warning that there are major flaws in software that will be essential to the vote count in Germany's September 24 legislative elections.

The CCC said on Tuesday that hackers could destabilise the German general election if the choice of 61.5 million Germans who will cast their ballots on September 24, to either re-elect Chancellor Angela Merkel or replace her, is not respected.

The CCC published a report online giving details as to how the election could be hijacked. While electronic voting is illegal in Germany, results are transmitted to the electoral commission electronically. It is there that the vulnerabilities lie. The software used in much of the country to send the votes to the Federal Election Commission is not secure, the CCC said. And the weakness is so obvious that it was discovered easily by a 29-year-old computer scientist.

PC-Wahl in the crosshairs

The program used to send results, PC-Wahl, doesn’t adhere to "the basic principles of computer security, and the number of vulnerabilities discovered far surpass our worst fears," said Linus Neumann, spokesman for Berlin-based CCC. The weakness comes from the lack of an electronic signature on the data that is sent that proves that it is genuine. Without that, hackers could intercept the results and modify them.

And the passwords for accessing the PC-Wahl interface are not hard to find. For starters, the same ID is valid for multiple municipalities. "It is like a hotel where all the doors are closed, but where the same key opens them all," Neumann said.

The PC-Wahl software can also be easily modified. The program updates automatically on a regular basis, but the updates aren’t well-protected from hackers. A cybercriminal could fairly easily swap an official update with a version that would allow him or her to control the software.

Insufficient improvements

The defects were discovered at the beginning of the summer and the manufacturer of PC-Wahl was quickly alerted. Several modifications later, the Chaos Computer Club is still not satisfied with the results. The improvements made "do not stand up to even superficial security tests", the report notes.

In an interview with the weekly Die Zeit, the manufacturer of PC-Wahl defended itself by stating that "even in cases of piracy, the final result of the vote will be legitimate because there is always the paper trail for verification." The CCC and the computer scientist who made the original discovery acknowledge that if there is the slightest doubt, the electoral commission will be able to verify the results against the paper ballots.

But the CCC contends that the flaws that still exist in the software might cast suspicion on the election results, which "weakens the democratic process," Neumann said. Some authorities have taken note. In Hesse, the head of the electoral commission asked local election officials to compare the results that will be published online on the evening of the election with those they sent in. And national authorities are now working with the makers of PC-Wahl to make sure the software is as secure as possible come election day.

Date created : 2017-09-09

  • GERMANY - TURKEY

    Another vote, another wrangle between Germany and Turkey

    Read more

  • GERMANY

    Merkel leads as rival Schulz fails to make inroads in key debate

    Read more

  • GERMANY

    Merkel starts Germany's 'strangest' election campaign

    Read more

COMMENT(S)