You are viewing an obsolete version of the DU website which is no longer supported by the Administrators. Visit The New DU.
Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Hack of the D.C. Internet Voting Pilot -- Explained [View All]

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
Home » Discuss » Topic Forums » Election Reform Donate to DU
Bill Bored Donating Member (1000+ posts) Send PM | Profile | Ignore Tue Oct-05-10 11:22 PM
Original message
Hack of the D.C. Internet Voting Pilot -- Explained
Advertisements [?]
Edited on Tue Oct-05-10 11:26 PM by Bill Bored
by J. Alex Halderman

-snip-

Within 36 hours of the system going live, our team had found and exploited a vulnerability that gave us almost total control of the server software, including the ability to change votes and reveal voters secret ballots. In this post, Ill describe what we did, how we did it, and what it means for Internet voting.

-snip-

A small vulnerability, big consequences

We found a vulnerability in the way the system processes uploaded ballots. We confirmed the problem using our own test installation of the web application, and found that we could gain the same access privileges as the server application program itself, including read and write access to the encrypted ballots and database.

The problem, which geeks classify as a shell-injection vulnerability, has to do with the ballot upload procedure. When a voter follows the instructions and uploads a completed ballot as a PDF file, the server saves it as a temporary file and encrypts it using a command-line tool called GnuPG. Internally, the server executes the command gpg with the name of this temporary file as a parameter: gpg () /tmp/stream,28957,0.pdf.

We realized that although the server replaces the filename with an automatically generated name (stream,28957,0 in this example), it keeps whatever file extension the voter provided. Instead of a file ending in .pdf, we could upload a file with a name that ended in almost any string we wanted, and this string would become part of the command the server executed. By formatting the string in a particular way, we could cause the server to execute commands on our behalf. For example, the filename ballot.$(sleep 10)pdf would cause the server to pause for ten seconds (executing the sleep 10 command) before responding. In effect, this vulnerability allowed us to remotely log in to the server as a privileged user.

-snip-


Read more at:
http://www.freedom-to-tinker.com/blog/jhalderm/hacking-...
Refresh | +8 Recommendations Printer Friendly | Permalink | Reply | Top
 

Home » Discuss » Topic Forums » Election Reform Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC