Washington D.C. Online Voting System Hacked By Researchers Of Michigan University in Less Than 48 hrs

Washington D.C. Online Voting System Hacked By Researchers Of Michigan University in Less Than 48 hrs

he security functions of a pilot project for online voting in Washington D.C. compromised. Researchers at the University of Michigan have reported that it took them only a short time to crack the security of the whole function. "Within 48 hours of the system going live, we had gained near complete control of the election server", the researchers wrote in a paper that has now been released. "We successfully changed every vote and revealed almost every secret ballot." - Said the researchers.

The hack was only discovered after about two business days – and most likely only because the intruders left a visible trail on purpose. In 2010, the developers of the municipal e-voting system that enables voters living abroad to vote via a web site, invited security experts to conduct tests. The university researchers say that the project was developed in cooperation with the Open Source Digital Voting Foundation(OSDV) and that other US states have also worked on services similar to Washington's "Digital Vote-by-Mail Service". They also praise the system's transparency as exemplary but point out that its architecture has fundamental security weaknesses and was not able to withstand a shell injection and other common hacker techniques. The security experts investigated common vulnerable points such as login fields, the virtual ballots' content and filenames, and session cookies – and found several exploitable weaknesses. Even the Linux kernel used in the project proved to have a well known vulnerability.