E-voting vendor Scytl criticises researchers that found vulnerability

By on
E-voting vendor Scytl criticises researchers that found vulnerability

Claims vote changing "highly unlikely" but fixes code anyway.

Scytl, the Spanish vendor behind Swiss and NSW e-voting software, has taken a swipe at researchers that uncovered a vulnerability in its source code allowing undetectable vote manipulation.

The vendor went into damage control overnight, claiming the attacks uncovered by Australian and international researchers were “highly unlikely – not to say impossible – to perform”, while at the same time noting it had decided to update its code.

Scytl, together with Swiss Post, opened its source code to public scrutiny in late February in what it called a “public hacker test” of the e-voting system.

Cryptography and privacy researchers Sarah Jamie Lewis, Oliver Pereira and Australia’s-own Vanessa Teague used the test to find a vulnerability they said could allow undetectable vote manipulation.

The researchers said the problem was “entirely consistent with a naive implementation of a complex cryptographic protocol by well-intentioned people who lacked a full understanding of its security assumptions and other important details.”

Scytl overnight took a swipe at the intentions of some researchers participating in the public intrusion test.

“The objective of this program is indeed to identify any potential vulnerabilities in a transparent manner,” it said.

“These findings should not be used to create controversy or adverse reactions towards online voting, but instead to foster a constructive dialogue with experts and, together, enhance the security of our electoral system.”

Sarah Jamie Lewis responded to Scytl’s barb and likelihood finding via Twitter.

“The thing about fostering constructive dialogue is that you can't criticise researchers for raising concerns about your project and then pretend this was all part of the plan when they find something,” she said.

“This is one of those cases where people really need to demand an independent, transparent audit and assessment.

“Not that I don't trust Scytl's findings - but there is obviously an inherent conflict of interest in them deciding the risk of something as big as election compromise.”

She added she is for - not against e-voting - with the proviso that the systems stand up to the “highest standards and scrutiny.”

“The problem, as I see it, is people who don't welcome that scrutiny,” she said.

Earlier this week, the NSW Electoral Commission said the defect found in the Swiss government’s e-voting system was also present in the state’s iVote system. It said Scytl would have a fix this week.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
evoting privacy research sctyl security vulnerability

Most Read Articles

Telstra sets $65 a month as minimum spend to get 5G access

Telstra sets $65 a month as minimum spend to get 5G access
Woolworths pays record $1m fine for spamming customers

Woolworths pays record $1m fine for spamming customers
Telstra gets two more years to upgrade or sell its residential fibre networks

Telstra gets two more years to upgrade or sell its residential fibre networks
ATO systems crash in tax time refund rush

ATO systems crash in tax time refund rush
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Get IT, finance and business on the same page
Get IT, finance and business on the same page
Why is DevSecOps important to your business?
Why is DevSecOps important to your business?
Architecting Hybrid IT & Edge for Digital Advantage
Architecting Hybrid IT & Edge for Digital Advantage
Organizations Increasing Their Adoption of NFV
Organizations Increasing Their Adoption of NFV
Modernise IT by Reducing Your Reliance on AD
Modernise IT by Reducing Your Reliance on AD

Events

Log In

Username / Email:
Password:
  |  Forgot your password?