RIO DE JANEIRO, BRAZIL – A group of experts from the Federal Police found two superficial glitches in the electronic ballot box system during the Public Security Test week, reported on Friday, November 28th, the Superior Electoral Court (TSE).
According to the court, the flaws detected do not affect the security of the electoral process.
According to the TSE’s Information Technology Secretary, Giuseppe Janino, the experts managed to get into the system that feeds voter and candidate data into the electronic ballot box thereby breaching a security wall.
According to Janino, they also succeeded in changing some words or expressions – such as changing the “ballot paper” to “paper” inscription, for instance – but were unsuccessful in their attempt to change candidate or voter names.
The secretary explained that, for the public testing week, the TSE removes barriers so that researchers are able to advance and uncover vulnerabilities. However, he pointed out that, even so, no serious flaws were detected.
“The ballot box features 30 digital walls. The TSE removes these barriers for the test, provides access to data, algorithms. They can easily move forward. They found vulnerabilities, but there is no risk. Even so, we will work to correct them and strengthen the security of the ballot box,” said the secretary after the results were released.
The public tests began last Monday, November 25th. Twenty-five researchers from different parts of the country, including federal police, academics, students and technology professionals, spent the week looking for vulnerabilities in the system.
It was the fifth time that the TSE conducted these tests; in prior editions, the specialists also found vulnerabilities that were later corrected.
The 25 researchers worked in seven groups and, according to the TSE, were unable to alter the ballot papers; tried to use artificial intelligence to access the system but failed; found no vulnerabilities in the cryptographic keys and libraries (in the last test, vulnerability had been detected); mapped routine algorithms and ballot box patterns, but failed to break privacy or tamper with data; failed to break into the network system; tried to use electric pulses to pick up typing from the ballot box, and thus trace the vote, but could not (in the last test they had spotted a flaw, but the keyboards were shielded).
The two flaws detected by the Federal Police experts were checked by the group that submitted the project to retrieve content from the system, attempting to enter data into the ballot box and extracting data from the tallying of votes.
“This is the fifth time this event has been held, with the aim of improving the electronic voting system and checking whether the resources implemented in the ballot box meet the security requirements. And to correct any vulnerabilities that may be detected,” said Justice Rosa Weber, president of the TSE.
According to her, “it’s time to open up the security systems in the eyes of the scientific community, parties, students, it’s a call for them to act as hackers in order to detect flaws in the integrity of the ballot box”. According to Weber, the tests will ensure safe elections in 2020.
The result released on Friday, which found the two vulnerabilities, is only partial. The TSE will submit a final report on December 10th.
TSE experts will work to correct the flaws, and a new round of tests will be conducted next year.
Source: Globo