E-voting vendor Scytl criticises researchers that found vulnerability

By on
E-voting vendor Scytl criticises researchers that found vulnerability

Claims vote changing "highly unlikely" but fixes code anyway.

Scytl, the Spanish vendor behind Swiss and NSW e-voting software, has taken a swipe at researchers that uncovered a vulnerability in its source code allowing undetectable vote manipulation.

The vendor went into damage control overnight, claiming the attacks uncovered by Australian and international researchers were “highly unlikely – not to say impossible – to perform”, while at the same time noting it had decided to update its code.

Scytl, together with Swiss Post, opened its source code to public scrutiny in late February in what it called a “public hacker test” of the e-voting system.

Cryptography and privacy researchers Sarah Jamie Lewis, Oliver Pereira and Australia’s-own Vanessa Teague used the test to find a vulnerability they said could allow undetectable vote manipulation.

The researchers said the problem was “entirely consistent with a naive implementation of a complex cryptographic protocol by well-intentioned people who lacked a full understanding of its security assumptions and other important details.”

Scytl overnight took a swipe at the intentions of some researchers participating in the public intrusion test.

“The objective of this program is indeed to identify any potential vulnerabilities in a transparent manner,” it said.

“These findings should not be used to create controversy or adverse reactions towards online voting, but instead to foster a constructive dialogue with experts and, together, enhance the security of our electoral system.”

Sarah Jamie Lewis responded to Scytl’s barb and likelihood finding via Twitter.

“The thing about fostering constructive dialogue is that you can't criticise researchers for raising concerns about your project and then pretend this was all part of the plan when they find something,” she said.

“This is one of those cases where people really need to demand an independent, transparent audit and assessment.

“Not that I don't trust Scytl's findings - but there is obviously an inherent conflict of interest in them deciding the risk of something as big as election compromise.”

She added she is for - not against e-voting - with the proviso that the systems stand up to the “highest standards and scrutiny.”

“The problem, as I see it, is people who don't welcome that scrutiny,” she said.

Earlier this week, the NSW Electoral Commission said the defect found in the Swiss government’s e-voting system was also present in the state’s iVote system. It said Scytl would have a fix this week.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
evoting privacy research sctyl security vulnerability

Sponsored Whitepapers

Five questions to ask before you upgrade to a SIEM solution
Five questions to ask before you upgrade to a SIEM solution
Effectively addressing advanced threats
Effectively addressing advanced threats
The risky business of open source
The risky business of open source
Ensure your e-signatures are legally binding
Ensure your e-signatures are legally binding
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation

Events

Most Read Articles

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it

Telstra blasts plan to 'set aside' mobile spectrum for Optus and TPG, but not it
Australia Post is building a digital twin of its delivery network

Australia Post is building a digital twin of its delivery network
Trump pardons former Google self-driving car engineer

Trump pardons former Google self-driving car engineer
NBN Co runs fixed wireless tower on diesel generator for over two years

NBN Co runs fixed wireless tower on diesel generator for over two years
You must be a registered member of iTnews to post a comment.
| Register

Log In

Username / Email:
Password:
  |  Forgot your password?