As Germans prepare for their federal elections later this month, researchers security warn. Although computers are not used for the process, as electronic voting is not legal in the country, they are used to record and transmit the results.
Martin Tschirsich, a computer scientist from Darmstadt, reports that he found significant vulnerabilities in the code of the PC-Wahl software used by the German state.
On September 24, the software this will be used to record results at individual polling stations, transmit them to local election authorities, collate them and transmit them to state election authorities. Some of these government authorities also use the same software.
"Elections are not safe," Tschirsich told Zeit Online. "They can be violated."
In addition, Tschirsich's findings were supported by the credible team white hat hackers Chaos Computer Club (CCC).
However, German officials argue that it will not be possible to change the results of federal elections because there are measures to keep them safe.
Η CCC released a PC-Wahl source code analysis on Thursday, saying there were "various security issues and many possible attack scenarios", some of which could lead to a change in the overall vote.
Perhaps most worrying is that the team reported that the PC-Wahl software update mechanism has a flaw that allows one-click hacking, and blocks the need for state-funded players to participate. In addition, the server is obviously unsafe.
"The basic principles of IT security have not been adhered to," CCC's Linus Neumann said in a statement. "Their vulnerabilities and seriousness exceeded our worst expectations."
These security issues are not only a problem for the next federal elections. The software has already been used for elections in all German Länder or states, as well as in previous national and European elections.
"Preventing manipulation in the upcoming Bundestag elections is my highest priority," said federal official Dieter Sarreither in a statement.
Sarreither's office said it was aware of the problems uncovered by investigators and asked regional election authorities to take steps such as installing the last update of PC-Wahl and validate the results sent electronically.
This process may mean making phone calls to ensure that the data received are the same as those sent, he said, adding that election security is more important than the speed of collecting results.
