Swiss government invites hackers to pen-test its e-voting system

clicks | 6 months ago | comments: discuss | tags: cryptocurrency

Article preview (bot search)

(Original link:

More security news YubiKey: Protect your Facebook, Google, and other online accounts with this hardware authentication key $145 million funds frozen after death of cryptocurrency exchange admin Linux kernel gets another option to disable Spectre mitigations iOS 12.1.4 is coming to fix the worst iPhone and iPad bug to date The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it.
"Interested hackers from all over the world are welcome to attack the system," the government said in a press release. "In doing so, they will contribute to improving the system's security."
The public intrusion test (PIT) will be held between February 25 and March 2, and cash rewards ranging from $100 to $30,000 are available, as per the table below (1 CHF is roughly 1 USD):
Minimum compensation in CHF Best Practice (uncritical optimisation possibilities)
100 Intrusion into the e-voting system
Corrupting votes or rendering them unusable
Successful attack on voting secrecy on the servers
Manipulation of votes detected by the system
Undetected manipulation of votes
30,000 - 50,000 A mock e-voting session is planned on the last day of the testing period, on March 24, but participants can attack the e-voting system before that, as well.
To participate, companies and security researchers will have to sign up in advance of the PIT session's official start. Signing up will give participants the legal permission to attack the system, will ensure the cash rewards will reach those who first report an issue, and it enforces a set of rules and restrictions on participants.
For example, some of the things that PIT participants aren't allowed to do is to carry out attacks that may harm a voter's personal device or attack unrelated systems belonging to Swiss Post, the e-voting system's maker.
Swiss Post will help out by disabling some of the security defenses that normally protect the e-voting system "to enable participants to concentrate fully on attacking the core system."
Furthermore, Swiss Post will also allow PIT participants to request as many e-voting cards as they need for their tests, and have made the source code of their e-voting system available to participants on GitLab .
Swiss authorities also hired Swiss company SCRT SA as an independent third-party that will verify the vulnerability reports that participants submit, before forwarding the vulnerabilities to Swiss Post.
The Swiss government decided to hold public penetration tests of its e-voting system to boost the confidence that these systems are secure.
At the end of January, a committee of politicians and computer experts have started an initiative to have e-voting banned in Switzerland for at least five years. This group hopes to gather over 100,000 signatures over the course of the following months to start legal procedures to have e-voting banned.
The Swiss government said the e-voting system has already gone through more than 300 private testing sessions.
Officials said e-voting would make it easier for Swiss citizens living abroad to vote. The end plan is to have e-voting as an official voting method, besides poll station and postal mail voting.
The worst cyberattacks undertaken by nation-state... SEE FULL GALLERY 1 - 5 of 12 NEXT PREV Related coverage: US Senators ask DHS to look into US government workers using foreign VPNs Pentesters breach 92 percent of companies, report claims US Senators fear Chinese-made metro rail cars could be used for surveillance
EU orders recall of children's smartwatch over severe privacy concerns
Facebook broad data collection ruled illegal by German anti-trust office China's cybersecurity law update lets state agencies 'pen-test' local companies
California governor signs country's first IoT security law CNET
The Japanese government plans to hack into unsecured IoT devices TechRepublic...