Online voting has revolutionised the way citizens across the globe can vote. It allows people unable to get to polling stations to still have their say. You can even go on holiday and cast a digital vote from some far-flung corner of the globe, via the World Wide Web. But like all Internet services, it is also vulnerable to attack.
With our very own general election just passed, the recent news of Australia’s online voting security issues has flagged up more than quiet concern and has made a few people question whether we as should continue to put off ‘online voting’.
66,000 residents of New South Wales had already voted before the security flaw in the popular iVote system was discovered. Luckily, this flaw came up during a practice vote conducted by security experts, who then waited until the problem was fixed before publicly disclosing their find.
The voting server had loaded some code from a third-party site vulnerable to the FREAK attack – a major security flaw that rendered both Google and Apple devices vulnerable to hacking. The FREAK flaw then allowed the security experts (or anyone with the right technical knowledge) to intercept the NSW voter traffic and insert different code into vulnerable web browsers.
This meant that the experts, or hackers, could make the voter’s browser display one thing, whilst secretly sending a different vote to the iVote server. While this problem has since reportedly been fixed, it is not the first time that a major flaw has been found in an online voting system.
In 2010 a team from the University of Michigan managed to break into the server of the district’s new system, change all candidates to fictional characters, alter all votes and even reveal most secret ballots.
As drastic as these two cases sound, it was good fortune that the people hacking the servers were doing it for the right reasons. In the wrong hands, security breeches like this could have drastic consequences, disrupting democracy and influencing the future of a nation.
The UK has yet to introduce online voting. However it remains a highly possible prospect for future elections. Lets hope by then that security has made significant developments!
