As Germans prepare for their federal elections later this month, researchers security warn. Although computers are not used for the process, as electronic voting is not legal in the country, they are used to record and transmit the results.
Martin Tschirsich, a computer scientist from Darmstadt, says he found significant vulnerabilities in the PC-Wahl software code used by the German state.
In September 24, this software will be used to record the results in individual polling stations, transmit them to the local electoral authorities, collect them and transmit them to the state electoral authorities. Some of these state authorities also use the same software.
"Elections are not safe," Tschirsich told Zeit Online. "They can be violated."
Furthermore, Tschirsich's findings were supported by the reliable team white hat hackers Chaos Computer Club (CCC).
However, German officials argue that it will not be possible to change the results of federal elections because there are measures to keep them safe.
Η CCC published an analysis of the source code of the PC-Wahl software on Thursday, saying there were "several security issues and many possible scenarios attacks”, some of which could result in the total votes being changed.
Perhaps most worrying is that the team reported that the PC-Wahl software update mechanism has a flaw that allows one-click hacking, and blocks the need for state-funded players to participate. In addition, the server is obviously unsafe.
"The basic principles of IT security have not been adhered to," CCC's Linus Neumann said in a statement. "Their vulnerabilities and seriousness exceeded our worst expectations."
These security issues are not only a problem for the next federal elections. The software has already been used for elections in all German Länder or states, as well as in previous national and European elections.
"Preventing manipulation in the upcoming Bundestag elections is my highest priority," said federal official Dieter Sarreither in a statement.
Sarreither's office said he was aware of the problems revealed by the researchers and asked the regional electoral authorities to take steps such as installing PC-Wahl's latest update and validating the results sent electronically.
This process may mean making phone calls to ensure that the data received is the same as the ones sent, he added, adding that election security is more important than the speed of the collection of results.
