Session
Fahrplan rc3
IT-Security

Hacking German Elections

Insecure Electronic Vote Counting - How It Returned and Why You Don't Even Know About It
After the first unsuccessful deployment of voting machines in Germany about ten years ago, elements of electronic voting have reached elections again. Although there is now still a paper trail, more and more essential steps, such as counting the votes, are moved into electronic systems. This change in the ballot-counting procedure took place mostly unnoticed by the public. We are two very concerned election workers who present our first-hand experience in this talk. We show that the current digital procedure is conceptually and practically flawed in terms of security. First, we give an insight into the role of computers and their interaction with humans during ballot-counting. We show that the underlying system concepts contradict IT-security best practices. Next, we present an in-depth analysis of one ballot-counting software, deployed for the Bavarian municipal elections ("Kommunalwahlen"). We discovered several severe security vulnerabilities that allow an almost unnoticeable manipulation of local voting results. Finally, we conclude that there is an immediate need for action to re-establish election security and transparency - not only for the government but for every one of us.

Elections are a key element of every democracy. However, many democratic countries in the world have to face attacks on them, be it by the government or by foreign countries. Even if ballot counting has been finished, election results are often not accepted but questioned due to alleged manipulations. All these aspects pose major threats to democracy as they try to undermine the actual and publicly perceived integrity of elections.

In Germany, elections are usually considered quite secure. Elections are paper-based and the subsequent ballot-counting is open to the public. The infamous introduction of electronic voting machines about ten years ago was finally stopped by the German Federal Constitutional Court. Thus, everything is human-controlled, transparent, and secure – isn’t it?

Unfortunately, these claims are questionable since the silent introduction of electronic vote counting. The election system in Germany is quite complex: for example, in the "Kreistagswahlen" (~district elections), workers have to count up to 70 individual votes per ballot while respecting a special rule set. This process is very labor-intensive, and sufficient election workers are often hard to come by. Due to this, electronic systems were introduced that provide support during vote counting. Election workers are no longer required to fill tally sheets, count votes, and sum them up on their own. Each ballot is simply entered into software that performs all the magic and finally emits a result.

This year, we volunteered again as election workers, but our trust in electronically-assisted elections has been vastly impacted. As IT-security researchers, we consider it our responsibility to share and discuss our concerns. We performed a thorough analysis of the concept and the hardware and software of the electronic vote counting system. We discovered several flaws on a conceptual and practical level that can severely diminish the integrity of the election and make it prone to manipulation. To underline the impact of the system’s vulnerabilities, we demonstrate an exemplary attack on an election.

Finally, we propose different options on how to make elections secure again. We do not consider this an entirely technical case, as there are significant legal and societal circumstances that led to the deployment of this insecure system.

Additional information

Type Talk
Language English

More sessions

12/27/20
IT-Security
Max Aliapoulios
rC2
Ransomware is a type of malware that encrypts the files of infected hosts and demands payment, often in a cryptocurrency such as Bitcoin. In this talk, we present a measurement framework that we used to perform a large-scale, two-year, end-to-end measurement of ransomware payments, victims and operators.
12/27/20
IT-Security
Thomas Roth
rC2
On November 13, Nintendo launched its newest retro console, the Nintendo Game and Watch - but by then it was already hacked! In contrast to the other Nintendo classic consoles (NES & SNES), Nintendo upped their game this time: A locked processor, AES-CTR encrypted flash & co. made it significantly harder to hack it, but in the end it was still hacked - one day before release. This talk walks through the whole process of opening it up, exploiting the firmware up to bringing homebrew to a new ...
12/27/20
IT-Security
Florian Schweitzer
chaosstudio-hamburg
A single click on an "Unsubscribe" link in a newsletter is often enough for an attacker to set up call forwarding for a target. This can be used, for example, to reset the passwords of Google or Microsoft accounts linked to the phone number.
12/27/20
IT-Security
chaosstudio-hamburg
Load Value Injection (LVI) is a new class of transient-execution attacks exploiting microarchitectural flaws in modern processors to inject attacker data into a victim program and steal sensitive data and keys from Intel SGX, a secure vault in Intel processors for your personal data.
12/28/20
IT-Security
jiska
rC2
How secure is the interface between baseband chips and iOS? While this interface should protect against escalations from the baseband into operating system components, its implementation is full of bugs. Fuzzing this interface is not only relevant to security, but also results in various funny effects, since the iPhone loses information about its identity and location, and eventually ends up in a state with a few thousand unread SMS that can no longer be deleted.
12/28/20
IT-Security
Alisa Esage
rC2
State-of-the-art report on Qualcomm DIAG diagnostic protocol research, its modern implementation as it appears in Hexagon basebands, advanced harnessing and reverse-engineering on modern off-the-shelf smartphones.
12/28/20
IT-Security
Ross Anderson
rC1
The EU has been pushing for apps that support end-to-end encrypted messaging to contain an upload filter, which will scrutinise material for prohibited content before it's encrypted. This is the latest in a long line of attempts to maintain government access to data despite cryptography. In this talk, I will try to put them in context of the last two crypto wars and assess the costs their efforts have imposed on our economies. I'll finally ask what strategic direction democratic governments ...