CIP Cyber

Log In
Menu
Log In
  • Opinion
  • Product Reviews
  • Industrial Cybersecurity
  • Videos

Australian online voting system includes FREAK vulnerability

Table of Contents

In the elections of Australian State of New South Wales,
people went to the polls to elect a new government. Some residents cast their
votes online, with a system that may be carrying the FREAK bug.The system is termed as iVote system that was launched in 2011 to serve
voters who live far away from a polling station, or those who would be thruway. 

According to Teague and Halderman, their proof-of-concept scrutiny
made it possible to intercept and manipulate votes … though the same attack
would also have succeeded against the real voting server,” the pair wrote in analysis.


“The attack works if a voter uses iVote from a malicious
network – say, from a WiFi access point that has been infected by malware.
“In our demonstration, the malicious network injects code
that stealthily substitutes a different vote of the attacker’s choosing. We
also show how the attacker can steal the voter’s secret PIN and receipt number
and send them, together with the voter’s secret ballot choices, to a remote
monitoring server.” 

The iVote platform was discovered to be exposed to man-in-the-middle
attacks. According to researchers, the voting
website uses a safe SSL configuration, it includes JavaScript from an external
server that is used to track site visitors and including FREAK attack.
 Teague reported that the
system may be targeted by attackers from anywhere in the world acquiring
sufficient but not enormous levels of skill could automate the hacking.
According to Teagu, the iVote patching process had merely
disruptive vulnerability and that more could remain undiscovered

As reported by NSW chief information officer Ian
Brightwell, iVote system could not guarantee the security of the voting system
due to inherent risk in all paper and electronic voting mechanisms.

CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Opinion

Password Cyberattack: Everything You Need to Know

November 7, 2023

Industrial Cybersecurity

Cybersecurity Awareness Month: Spotlight on ICS/OT Security

September 28, 2023

Opinion

How to Protect IoT Devices in Critical Infrastructure Networks

September 15, 2023

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training

Related Articles

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Choose Training