Upgrade to Pro — share decks privately, control downloads, hide ads and more …

#bug2505

Philippe Teuwen
October 22, 2014
Technology
0
67

 #bug2505

A lightning talk I gave at Hack.lu 2014 about the bug that occurred during the Belgian elections on 25th of May 2014.

Philippe Teuwen

October 22, 2014
Tweet

More Decks by Philippe Teuwen

See All by Philippe Teuwen
EEPROM: It Will All End in Tears
doegox
0
89
2021: A Titan M Odyssey
doegox
0
130
WooKey: Episode VII - The Force Awakens
doegox
0
72
EEPROM: It Will All End in Tears
doegox
0
110
Grey-box attacks, four years later
doegox
0
89
PTS18: Story behind our goodies
doegox
0
77
Design de cryptographie white-box : et à la fin, c’est Kerckhoffs qui gagne
doegox
1
210
Hiding your White-Box Designs is Not Enough
doegox
0
320
Hiding your White-Box Designs is Not Enough
doegox
1
1.1k

Other Decks in Technology

See All in Technology
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
【Startup CTO of the Year 2024 / Audience Award】アセンド取締役CTO 丹羽健
niwatakeru
0
990
Lambda10周年!Lambdaは何をもたらしたか
smt7174
2
110
Engineer Career Talk
lycorp_recruit_jp
0
160
SREによる隣接領域への越境とその先の信頼性
shonansurvivors
2
520
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
110
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
620
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
210
適材適所の技術選定 〜GraphQL・REST API・tRPC〜 / Optimal Technology Selection
kakehashi
1
170
AGIについてChatGPTに聞いてみた
blueb
0
130
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
3
200

Featured

See All Featured
A Modern Web Designer's Workflow
chriscoyier
693
190k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
How GitHub (no longer) Works
holman
310
140k
Building an army of robots
kneath
302
43k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Being A Developer After 40
akosma
86
590k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
A better future with KSS
kneath
238
17k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
370
BBQ
matthewcrist
85
9.3k

Transcript

  1. #bug2505

  2. 25/05/2014 Belgian federal, regional & European elections eVoting with magnetic

    card eVoting with paper receipt eSorting of paper votes Traditional sorting of paper votes

  3. Yes, we're in 2014...

  4. eVoting with magnetic cards in Belgium Since 1991 Long story...

    – DIGIPASS v1, v2 & JITES v1, v2 – providers: Stéria & Stésud – mutations and cross-overs 2014: JITES – based on code from 2006 – updated in 2012 – merged with feature from 2010: possibility to deselect votes

  5. 25/05/2014 We vote Evening: counting program (CODI) flags incoherences in

    preference votes totals Big mess, Stésud sent to write quickly an ad-hoc tool to decrypt votes from floppies...

  6. 48h later SPF Intérieur speaks Incomplete bug description They say

    no impact on seats Can we trust them? Panel of Experts: bound by secrecy till... it's too late for legal recourses...

  7. 3 days later: source code Tedious, error-prone, hard to share

    outcomes (first conclusions were partially wrong) Got asked to cross-check

  8. PoC || GTFO Let's revive that code! More confident in

    conclusions Nicer to show But... MS DOS, floppies, optical pen, magnetic cards,...

  9. PoC in 12 hours... under Linux • Remove hardware libraries,

    emulate minimum • Rewrite file IO and other MS DOS parts • Bring libXbgi, a Xlib-based port of Borland Graphics Interface • Fix numerous compilation issues (Borland again) • Recode DOS charset in Latin1 • Run in test mode, skipping floppy crypto • Create fake election data • Fix main loop to read back the “card” buffer

  10. DEMO (sorry cannot get GIF in PDF, see at http://www.poureva.be/IMG/gif/DemoBugVE.gif

    )

  11. The bug • ArrayLists[4]=1 (SP not cleared) • ArrayLists[3]=1 (Ecolo)

    • CardWriter() : for(i=...) if(ArrayLists[i] == 1) iList = i + 1 ; SP->Ecolo=SP (bogus vote without prefs) Ecolo->SP=SP More than a preference vote problem!

  12. Resources git clone git://git.yobi.be/git/EL_2014.git http://www.poureva.be/spip.php?article853 Panel of Experts report, very

    nice! – Bigger mess, final countdown: 5th of June – Stésud ad-hoc tool didn't detect all faulty votes – Panel of Expert wrote their own tool... “the GREP method”