You are viewing an obsolete version of the DU website which is no longer supported by the Administrators. Visit The New DU.
Democratic Underground Latest Greatest Lobby Journals Search Options Help Login

Hack of the D.C. Internet Voting Pilot -- Explained [View All]

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
Home » Discuss » Topic Forums » Election Reform Donate to DU
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-05-10 11:22 PM
Original message
Hack of the D.C. Internet Voting Pilot -- Explained
Advertisements [?]
Edited on Tue Oct-05-10 11:26 PM by Bill Bored
by J. Alex Halderman


Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters secret ballots. In this post, Ill describe what we did, how we did it, and what it means for Internet voting.


A small vulnerability, big consequences

We found a vulnerability in the way the system processes uploaded ballots. We confirmed the problem using our own test installation of the web application, and found that we could gain the same access privileges as the server application program itself, including read and write access to the encrypted ballots and database.

The problem, which geeks classify as a shell-injection vulnerability, has to do with the ballot upload procedure. When a voter follows the instructions and uploads a completed ballot as a PDF file, the server saves it as a temporary file and encrypts it using a command-line tool called GnuPG. Internally, the server executes the command gpg with the name of this temporary file as a parameter: gpg () /tmp/stream,28957,0.pdf.

We realized that although the server replaces the filename with an automatically generated name (stream,28957,0 in this example), it keeps whatever file extension the voter provided. Instead of a file ending in .pdf, we could upload a file with a name that ended in almost any string we wanted, and this string would become part of the command the server executed. By formatting the string in a particular way, we could cause the server to execute commands on our behalf. For example, the filename ballot.$(sleep 10)pdf would cause the server to pause for ten seconds (executing the sleep 10 command) before responding. In effect, this vulnerability allowed us to remotely log in to the server as a privileged user.


Read more at:
Refresh | +8 Recommendations Printer Friendly | Permalink | Reply | Top
  -Hack of the D.C. Internet Voting Pilot -- Explained Bill Bored  Oct-05-10 11:22 PM   #0 
  - What this means for Internet voting:  Bill Bored   Oct-05-10 11:37 PM   #1 
  - I'm not a computer expert, but what's the difference really between  Stevepol   Oct-06-10 03:55 AM   #2 
  - Very similar but it seems that internet voting is even MORE vulnerable and less traceable/auditable.  demodonkey   Oct-06-10 06:13 AM   #4 
  - In a word, access.  hootinholler   Oct-06-10 07:09 AM   #5 
     - You don't necessarily need "physical access to a smart card." DREs and ballot scanners have PORTS!  Bill Bored   Oct-06-10 12:57 PM   #7 
        - But you still need physical access to the DRE  hootinholler   Oct-06-10 03:15 PM   #8 
           - But not for long. A few minutes would be long enough. nt  Bill Bored   Oct-07-10 12:28 AM   #9 
  - Please send this to your county auditors and SecStates  eridani   Oct-06-10 04:54 AM   #3 
  - I'd like to see someone ask the NASS to comment on this!!  diva77   Oct-06-10 11:41 AM   #6 
  - kick  Wilms   Oct-19-10 11:54 PM   #10 
  - POSITIVE NEWS FOR INTERNET VOTING  Bill_Kelleher   Oct-21-10 06:08 PM   #11 
  - Spamming DU too? My, you must really be desperate to push Internet voting. Who R U working 4? nt  Bill Bored   Oct-22-10 01:56 AM   #12 
     - False Accusations, Uninformed Opinion  Bill_Kelleher   Oct-25-10 03:31 PM   #14 
     - RE who is getting paid  Bill_Kelleher   Oct-25-10 04:04 PM   #16 
  - Halderman testimony at D.C. hearing  emlev   Oct-24-10 06:00 PM   #13 
     - More than one side to this story  Bill_Kelleher   Oct-25-10 03:32 PM   #15 

Home » Discuss » Topic Forums » Election Reform Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002
Software has been extensively modified by the DU administrators

Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC