Upgrade to Pro — share decks privately, control downloads, hide ads and more …

#bug2505

Philippe Teuwen
October 22, 2014
Technology
0
65

 #bug2505

A lightning talk I gave at Hack.lu 2014 about the bug that occurred during the Belgian elections on 25th of May 2014.

Philippe Teuwen

October 22, 2014
Tweet

More Decks by Philippe Teuwen

See All by Philippe Teuwen
EEPROM: It Will All End in Tears
doegox
0
85
2021: A Titan M Odyssey
doegox
0
120
WooKey: Episode VII - The Force Awakens
doegox
0
71
EEPROM: It Will All End in Tears
doegox
0
100
Grey-box attacks, four years later
doegox
0
85
PTS18: Story behind our goodies
doegox
0
73
Design de cryptographie white-box : et à la fin, c’est Kerckhoffs qui gagne
doegox
1
200
Hiding your White-Box Designs is Not Enough
doegox
0
320
Hiding your White-Box Designs is Not Enough
doegox
1
1.1k

Other Decks in Technology

See All in Technology
入社後初めてのタスクでk8sアップグレードした話.pdf
kkato1
0
380
元インフラエンジニアに成る / Human Resources to Human Relations
bobtani
2
710
長期間TiDBを使ってきた話 @ 私たちはなぜNewSQLを使うのかTiDB選定5社が語る選定理由と活用LT / Experiences with TiDB Over Time
chibiegg
2
540
Tableau事例紹介 / Tableau Case Study of Eureka
kazuya_araki_tokyo
1
170
コンパウンドスタートアップのためのスケーラブルでセキュアなInfrastructure as Codeパイプラインを考える / Scalable and Secure Infrastructure as Code Pipeline for a Compound Startup
yuyatakeyama
3
1.8k
2024/4/26 コンピュータ歴史博物館解説告知
toshi_atsumi
0
190
オーナーシップを持つ領域を明確にする
konifar
8
1.2k
WebアプリケーションにおけるPDOの使い方入門 / phpcon odawara 2024
meihei3
2
420
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
3
180
Signals Unleashed: The Full Guide
rainerhahnekamp
0
350
最近たまに見かけるTiDBってなんだ? - Findy
pingcap0315
2
450
強みを伸ばすキャリアデザイン
yug1224
0
200

Featured

See All Featured
Thoughts on Productivity
jonyablonski
57
3.8k
Creatively Recalculating Your Daily Design Routine
revolveconf
209
11k
A Tale of Four Properties
chriscoyier
150
22k
GraphQLとの向き合い方2022年版
quramy
30
12k
What's in a price? How to price your products and services
michaelherold
237
11k
For a Future-Friendly Web
brad_frost
171
8.9k
Web development in the modern age
philhawksworth
201
10k
Fireside Chat
paigeccino
19
2.6k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
115
18k
Practical Orchestrator
shlominoach
181
9.7k
Designing on Purpose - Digital PM Summit 2013
jponch
110
6.4k
Building Adaptive Systems
keathley
29
1.8k

Transcript

  1. #bug2505

  2. 25/05/2014 Belgian federal, regional & European elections eVoting with magnetic

    card eVoting with paper receipt eSorting of paper votes Traditional sorting of paper votes

  3. Yes, we're in 2014...

  4. eVoting with magnetic cards in Belgium Since 1991 Long story...

    – DIGIPASS v1, v2 & JITES v1, v2 – providers: Stéria & Stésud – mutations and cross-overs 2014: JITES – based on code from 2006 – updated in 2012 – merged with feature from 2010: possibility to deselect votes

  5. 25/05/2014 We vote Evening: counting program (CODI) flags incoherences in

    preference votes totals Big mess, Stésud sent to write quickly an ad-hoc tool to decrypt votes from floppies...

  6. 48h later SPF Intérieur speaks Incomplete bug description They say

    no impact on seats Can we trust them? Panel of Experts: bound by secrecy till... it's too late for legal recourses...

  7. 3 days later: source code Tedious, error-prone, hard to share

    outcomes (first conclusions were partially wrong) Got asked to cross-check

  8. PoC || GTFO Let's revive that code! More confident in

    conclusions Nicer to show But... MS DOS, floppies, optical pen, magnetic cards,...

  9. PoC in 12 hours... under Linux • Remove hardware libraries,

    emulate minimum • Rewrite file IO and other MS DOS parts • Bring libXbgi, a Xlib-based port of Borland Graphics Interface • Fix numerous compilation issues (Borland again) • Recode DOS charset in Latin1 • Run in test mode, skipping floppy crypto • Create fake election data • Fix main loop to read back the “card” buffer

  10. DEMO (sorry cannot get GIF in PDF, see at http://www.poureva.be/IMG/gif/DemoBugVE.gif

    )

  11. The bug • ArrayLists[4]=1 (SP not cleared) • ArrayLists[3]=1 (Ecolo)

    • CardWriter() : for(i=...) if(ArrayLists[i] == 1) iList = i + 1 ; SP->Ecolo=SP (bogus vote without prefs) Ecolo->SP=SP More than a preference vote problem!

  12. Resources git clone git://git.yobi.be/git/EL_2014.git http://www.poureva.be/spip.php?article853 Panel of Experts report, very

    nice! – Bigger mess, final countdown: 5th of June – Stésud ad-hoc tool didn't detect all faulty votes – Panel of Expert wrote their own tool... “the GREP method”