Expert finds a vulnerability in the online voting system for the Moscow elections
One of the world's most respected cryptographers has discovered vulnerabilities in the data encryption system that will be used in the elections to the Moscow City Duma. The authorities promise to introduce a more stable encryption scheme.
Pierrick Gaudry, an employee of the French National Center for Scientific Research, said that the encryption used in the Russian electronic voting system is “completely unsafe” and can be hacked by attackers in about 20 minutes.
Recall that the e-voting system will be used for the first time in the Moscow City Duma elections on September 8. During its public testing, several attempts to find a link to a unique anonymized ballot were recorded. The attacks were professional.
The government explained that it was not a system failure, but a data output failure.
At the same time, the Moscow government emphasized the security of the developed electronic voting system: “Blockchain technology will ensure transparency and invariability of all data”.
During testing, the system's creators posted the source code of some modules of the electronic voting system, which is built on blockchain technology, on the developer website GitHub. However, the French researcher found that the length of the public encryption key is less than 256 bits, which makes it possible to calculate the private key and crack the system's encryption in about 20 minutes using a regular personal computer and free software.
The Moscow authorities recognised the presence of vulnerabilities in the encryption system of the online voting platform. A representative of the Moscow Department of Information Technology said that the Department "partially agrees" that the existing key does not provide sufficient encryption strength.
He pointed out that the system had still not actually been hacked and noted that the Agency had deliberately published the public key so that hackers would try to decrypt it before the private key was published. The expert also said that the system is based on the Ethereum platform.
At the same time, an expert from Kaspersky Lab confirmed to journalists that the study conducted by Gaudry is theoretical and that there was no direct hacking of the system. In addition, experts reported that the most negative consequence of such a hack would be a violation of the secrecy of the vote.
from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/30qrEdL