While the Germans are preparing for their federal elections later this month, security researchers are warning. Although computers are not used for the process, as electronic voting is not legal in the country, they are used to record and transmit the results.
Ο Martin Tschirsich, ένας επιστήμονας υπολογιστών από το Darmstadt, αναφέρει ότι βρήκε σημαντικές ευπάθειες στον κώδικα του software PC-Wahl used by the German state.
In September 24, this software will be used to record the results in individual polling stations, transmit them to the local electoral authorities, collect them and transmit them to the state electoral authorities. Some of these state authorities also use the same software.
"Elections are not safe," Tschirsich told Zeit Online. "They can be violated."
In addition, Tschirsich's findings were supported by the credible team white hat hackers Chaos Computer Club (CCC).
However, German officials argue that it will not be possible to change the results of federal elections because there are measures to keep them safe.
Η CCC published an analysis of the PC-Wahl software source code on Thursday, reporting that there were “several problems ασφάλειας και πολλά πιθανά σενάρια attacks”, some of which could result in the total votes being changed.
Perhaps most worryingly, the team reported that the mechanism informationPC-Wahl's software has a flaw that allows a one-click hack, and blocks the need for state-sponsored actors to participate. In addition, the server is apparently insecure.
"The basic principles of IT security have not been adhered to," CCC's Linus Neumann said in a statement. "Their vulnerabilities and seriousness exceeded our worst expectations."
These security issues are not only a problem for the next federal elections. The software has already been used for elections in all German Länder or states, as well as in previous national and European elections.
"Preventing manipulation in the upcoming Bundestag elections is my highest priority," said federal official Dieter Sarreither in a statement.
Sarreither's office said he was aware of the problems revealed by the researchers and asked the regional electoral authorities to take steps such as installing PC-Wahl's latest update and validating the results sent electronically.
This process may mean making phone calls to ensure that the data received is the same as the ones sent, he added, adding that election security is more important than the speed of the collection of results.
