Wednesday, April 8, 2015

TerraSwarm PI Alex Halderman Uncovers Security Flaw in New South Wales (NSW) Internet Voting System iVote

Prior to the launch of the New South Wales (NSW) online voting system, iVote, TerraSwarm PI Alex Halderman (Professor, Univ. of Michigan) and collaborator Vanessa Teague warned that the system had not sufficiently addressed potential security concerns. Despite repeated assurances from the Electoral Commission that all Internet votes are 'fully encrypted and safeguarded,' six days into online voting, Halderman and Teague discovered a FREAK flaw that could allow an attacker to intercept votes and inject their own code to change those votes, all without leaving any trace of the manipulation. (FREAK stands for Factoring RSA Export Keys and refers to the exploitation of a weakness in the SSL/TLS protocol that allows attackers to force browsers to use weak encryption keys.)

The NSW Electoral Commission admitted that there was a FREAK flaw with iVote and scrambled to patch it promptly.

To read more, go to the following links:

