Australian online voting system may have FREAK bug Next weekend, voters in the Australian State of New South Wales go to the polls to elect a new government. Some have already cast their votes online, with a system that may be running the FREAK bug. So say Vanessa Teague and J. Alex Halderman, respectively a research fellow in the Department of Computing and Information …
Seems like an awful lot of trouble to change one ballot. To be meaningful, thousands would have to be changed. There's attacks for kicks and grins and attacks for greed. I think this would fall under the kicks and grins part... unless a candidate is paying off the hackers. Wouldn't bringing in the "dead vote" give a greater return?
Doesn't mean it shouldn't be fixed, just got kind of an "meh" feeling about their reasoning given all the ways the voting system can be gamed.
No, didn't miss it at all. There's lots of ways to game the system as Chicago has proved in the past. If suddenly enough ballots popped up to change the election and from the same location, I think they would be noticed. Or at least I would hope they would be noticed that something was amiss.
And yet every cycle (at least Federal) we get noise about voter 'fraud', even though, as Malcolm Turnbull admitted, that is often people voting on behalf of a family member or friends who couldn't make it or was too lazy.
The amount of such fraud is truly tiny and no one has ever suggested it has made the slightest jot of difference. But yet we keep getting pushes for more automated solutions to fix this non-existent problem.
Online voting is certainly hand for people in more remote locations so I am not suggesting it is pointless but any politician or civil servant who wishes to push electronic voting into wider use should take note of issues like this.
One thing I appreciate about voting in Australia is the simplicity. Turn up at any polling booth within your electorate on polling day, grab a sausage or steak sandwich, queue for ~30 minutes take 5 minutes to vote and leave. If you happen to be a reasonable distance from your electorate, then you can cast an absentee vote. If you don't feel like voting on the day, submit a postal vote.
I also like preferential voting, because it makes it easy to cast a protest vote or single issue vote and use your preferences to support the candidates you prefer.
Would you believe that our local station has been sans snags the last four elections in a row? People spout off about 'un-Australian' this that and the other but not being able to burn your mouth on processed meat while slowly roasting in the sun and feeling vaguely uncomfortable about being back in a school ground is about as low as this country can go.
That said, we live in a really safe seat which, though unfortunate in terms of the political process, is good because the usual party volunteers handing out flyers are pretty laid-back as they know that no amount of cheaply-printed how-to-vote pamphlets will make a lick of difference.
By definition the man has to be between you and the target system.
If you think of the online voting world as a massive star network centred on the Australian servers then to have any noticeable effect your man would have to be very near the middle of the star.
The assumption is that you have to connect via a compromised network server, probably an Internet cafe or coffee shop, I would guess.
That would be an intersting challenge - compromise enough network architecture globally (or even in rural Australia) to be able to specifically target Oz voters.
If this has been achieved then I would guess the problems are far more seriousn than subverting a small percentage of the vote.
However I now wonder how many PCs owned by Oz voters are also owned by malware.
This might be a more effective attack - does it still count as MITM if you own the browser?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
