
Continuous improvement of the e-voting system: reports from experts

At the start of 2021, Swiss Post initiated a community programme on e-voting and published the essential components and documentation for the beta version of its future e-voting system. This is a cyber security measure. Swiss Post aims to work with leading international specialists to identify and eliminate every vulnerability in order to maintain the system at the highest possible security level.

On this page you will find a description of all confirmed findings, the severity of which Swiss Post classifies as high or critical after an in-depth technical analysis. The details are updated on a regular basis.

Overview of the findings


Status: 13.09.2023
Number of reports: 304
Number of findings with high severity level: 5
Number of findings with critical severity level: 0
Total rewards paid out: € 178 650


Confirmed findings with high and critical severity

Swiss Post permanently and fully discloses its future e-voting system. Experts can analyze the documents and test the source code. As part of the bug bounty program, Swiss Post pays rewards for confirmed vulnerabilities. These are cyber security and international best practice measures to keep security at the highest possible level. The aim of these measures is to find and eliminate possible points of attack in the system at an early stage on the basis of the reported findings.

All information, including questions, comments and findings, is published on the GitLab specialist platform.

Below you will find a regularly updated description of all confirmed findings, the severity of which Swiss Post classifies as high or critical after a detailed technical analysis.

The findings are listed chronologically after their publication time on GitLab.


Issue #YWH-PGM2323-190: Concurrent command execution isolation broken

Date: August 2023

Reported by: Florian Moser

Severity: high

Reward paid: € 10,000

Description: The described fault reveals a vulnerability in one of the mechanisms (exactly once processing) that ensure cryptographic commands cannot be issued twice in components distributed in a decentralized manner. Depending on the scenario, double execution of a cryptographic command could compromise the validity of the choice return codes, the correctness of the result or the secrecy of the vote. In analysing the finding, Swiss Post has demonstrated that additional security mechanisms in the Hibernate framework used and in the database prevent such attacks, so it is not possible to exploit the finding. The specified mechanisms ensure that the commands already issued are stored, meaning that duplicate execution of the command is detected and rejected. Nevertheless, Swiss Post is correcting the exactly once processing mechanism as an additional security element.

Status and solution: The finding has already been resolved and the solution implemented in the latest release (Concurrent command execution isolation broken (#9) · Tickets · swisspost-evoting / E-voting / E-voting · GitLab) 
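The two mechanisms this finding contrasts, shown as an added illustration that is not Swiss Post's code: a check-then-act guard that two concurrent requests can both pass, and the stored-command approach in which the command is recorded under a primary key before it runs, so the database rejects the duplicate. The SQLite table, the barrier that forces the interleaving, and all names are my own constructions.

```python
import sqlite3
import threading

def run_concurrently(n, target):
    threads = [threading.Thread(target=target) for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()

class RacyExecutor:
    """Check-then-act on an in-memory set: two concurrent requests for the same command both pass the check."""
    def __init__(self):
        self.seen, self.log = set(), []
    def execute(self, command_id, barrier):
        if command_id in self.seen:           # check ...
            return False
        barrier.wait()                        # constructed interleaving point: both requests are now past the check
        self.seen.add(command_id)             # ... act, too late to stop the other request
        self.log.append(command_id)           # list.append is atomic under the GIL; stands in for running the command
        return True

class StoredCommandExecutor:
    """Record the command under a primary key covering (context, id) BEFORE acting; the database rejects a second insert."""
    def __init__(self):
        self.conn = sqlite3.connect(":memory:", check_same_thread=False, isolation_level=None)
        self.conn.execute("CREATE TABLE issued (context_id TEXT, command_id TEXT, PRIMARY KEY (context_id, command_id))")
        self.db_lock = threading.Lock()       # only to share one sqlite connection between threads
        self.executed = 0
    def execute(self, context_id, command_id):
        with self.db_lock:
            try:
                self.conn.execute("INSERT INTO issued VALUES (?, ?)", (context_id, command_id))
            except sqlite3.IntegrityError:    # already issued: detected and rejected
                return False
            self.executed += 1                # stands in for running the cryptographic command
        return True

def simulate_racy():
    ex, barrier = RacyExecutor(), threading.Barrier(2)
    run_concurrently(2, lambda: ex.execute("cmd-1", barrier))
    return len(ex.log)                        # 2: the same command ran twice

def simulate_stored():
    ex = StoredCommandExecutor()
    run_concurrently(8, lambda: ex.execute("event-A", "cmd-1"))
    after_duplicates = ex.executed            # 1: seven duplicates rejected
    accepted = ex.execute("event-B", "cmd-1") # same id in another context is a new command
    return after_duplicates, accepted, ex.executed
```

In a real deployment the arbiter is the database's own uniqueness constraint across all service instances; the Python lock here only serialises access to the single in-memory connection.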

Issue #5 (e-voting) SDM - Insecure USB file handling during 'importOperation'

Date: September 2021

Reported by: Ruben Santamarta

Severity: high

Reward paid: € 15,000

Description: The error described indicates that an attack on an offline entity of the Secure Data Manager (SDM) is possible if malware were to be saved on an encrypted data carrier used for the physical transport of data between online and offline computers. The canton uses the SDM program to set up the electronic contest before every election or vote. The program runs on several offline computers and one online computer within the canton’s infrastructure. By exploiting this error, an attacker could jeopardize the correct configuration of the electronic contest via an offline computer.

An attack could be carried out at the point when the imported data are validated and could be facilitated by the current lack of restriction on which data can be imported into the SDM directory.

Status and resolution: SDM - Insecure USB file handling during 'importOperation'

Issue #1 (e-voting) Insufficient Signature Validation of the Election Public Key resulting in possible attacks against individual verifiability

Date: October 2021

Reporting: Analysis of the Confederation’s independent experts (reported by: V. Teague, O. Pereira and Th. Haines), on the basis of which Swiss Post’s e-voting team discovered the error

Severity: high

Reward paid: Reported as part of the independent examination commissioned by the Confederation, no reward in the bug bounty programme

Description: The error would allow an attacker who has gained control over the voting client, the voting server and a control component to endanger individual verifiability. The attacker could falsify a public key, a cryptographic component used to securely transmit a message to the voter unaltered, and get the other control components to accept it anyway. The voter themselves would not be able to determine that their vote had been invalidated, i.e. individual verifiability would not be ensured. However, the attack would be discovered when the canton checked the votes.

Status and solution: Insufficient signature validation of the election public key resulting in possible attacks against individual verifiability

Issue #11 (e-voting documentation) Risk of privacy breach due to the CCMs not checking the ZKP before mix-decrypting

Date: June 2021

Reported by: Pierrick Gaudry, Véronique Cortier, Alexandre Debant

Severity: high

Reward paid: € 40,000

Description: If an attacker could control parts of Swiss Post’s server infrastructure and the last offline control component operated by the canton, it would be possible for them to exploit the error in order to break the voting secrecy of multiple votes. The control components do not currently check whether a ballot box belongs to a particular voting procedure. Nor do they check whether the votes in a ballot box have already been mixed and decrypted.

Status and solution: Risk of privacy breach due to the CCMs not checking the ZKP before mix-decrypting

Issue #2 (e-voting documentation) The algorithm GenCMTable allows an adversary to recover the election event's set of possible short return codes

Date: February 2021

Reported by: Thomas Haines

Severity: high

Reward paid: € 7,500

Description: An attacker who manages to break into the e-voting infrastructure could, by exploiting the described error, obtain information that could help them guess choice return codes and the confirmation code. They could use this to indicate the correct registration of the vote to the voter while still recording an incorrect vote in the background.

Status and solution: The algorithm GenCMTable allows an adversary to recover the election event’s set of possible short return codes
