A hacker claims to have discovered an important weakness in canton Geneva’s e-voting system to attacks that could redirect online voters to malicious websites. The canton says it is aware of the issue and introduced countermeasures years ago.
Last week, Volker Birk of the Chaos Computer Club Switzerland said he had discovered that the Geneva online voting system – the biggest in Switzerland – uses an insecure procedure to protect its web address.
Birk told Swiss public television, SRF, that it took only a few minutes to discover the system’s weakness to so-called DNS cache poisoning – an attack that exploits vulnerabilities in the domain name to divert internet traffic away from legitimate servers and towards fake ones. He added that the problem had been known for decades.
In a public statement on Saturdayexternal link, canton Geneva said it had been informed by SRF about the fake site, which it admitted “did not allow people to vote electronically”.
The statement pointed out that Geneva’s e-voting system had never been compromised “either in terms of reliability or security”.
The canton told SRF in a written reply thatexternal link it had been aware of the issue for some time and that countermeasures were put in place in 2003 and strengthened in 2015.
“No anomalies have been observed in the e-voting process to date. Ongoing surveillance continues during each vote,” it stated.
The use of electronic voting in Switzerland has been making slow progress amid setbacks over security concerns. Over the past 15 years, more than 200 trials with e-voting have been carried out at nationwide and cantonal levels.
For the upcoming national votes on November 25external link, voters from canton Vaud will use the system developed by canton Geneva, which is also favoured by the cantons of Bern, Lucerne, Basel City, St Gallen and Aargau.
In all, some 213,000 voters will be allowed to cast their ballots electronically for the vote on the subjects of the Swiss constitution versus international law, social detectives and the practice of de-horning cows.
Last year, the government decided to expand e-voting options across the country, incorporating it in at least 18 of the country’s 26 cantons by October 2019 for the parliamentary elections.
Critics have repeatedly warned of security flaws of e-voting. Plans are afoot to launch an initiative aimed at banning e-voting that would permanently block plans by the government to introduce it.