Kenya Election Result Overturned – Electronic voting Part 2

September 1, 2017 at 4:00 pm | Posted in Cyber Security, Musings | Comments Off on Kenya Election Result Overturned – Electronic voting Part 2
Tags: , , , , ,

It has been a month since I posted previously about electronic voting and my preference for pen and paper as it is more challenging to compromise that method.

https://guygrandison.wordpress.com/2017/08/01/electronic-voting-its-hard-to-hack-a-piece-of-paper/

Today it has been announced that the Supreme Court of Kenya has overturned the election result of the recent presidential election due to failures in the electronic voting system.

Now the court has not revealed if this was a result of a Cyber Attack or Data Breach and whether it was malicious or not. However, it has revealed that one of the reasons for the overturning of the result was the failures of the electronic voting system.

Given the history of “rigged” elections in some African countries I can understand the desire to go to electronic voting as it is easier than filling ballot boxes with false ballots and the mantra of “vote early, vote often.” It seems though in this case that this has failed to move by as well.

I will read the full report from the Court with interest.

Advertisements

Electronic Voting – It’s Hard to Hack a piece of Paper

August 1, 2017 at 3:00 pm | Posted in Cyber Security | Comments Off on Electronic Voting – It’s Hard to Hack a piece of Paper
Tags: , , , , ,

One topic of conversation that comes up quite regularly for me is when people discuss electronic voting machines or voting online. With arguments in favour such as it will increase turnout and that it is more accessible. However, while I work In Cyber Security I will always be against electronic voting for the simple reason of, nothing is 100% secure.

Anyone in the security industry who says that a technology is 100% protected is lying.

There are still accusations that the US elections were tampered with and those rumours will continue for many years unless evidence is found. While it is possible to commit fraud using the UK’s traditional methods of pen plus paper and postal voting. The scale and the difficulties of doing it on a large scale is incredibly difficult.

This past week has reinforced my opinions on the weaknesses of electronic voting machines. At the Ethical hacking conferences in the USA this past week, various ethical hackers and researchers were invited to try and compromise the electronic voting machines used in past elections as recent as 2015.

Within 30 to 90 minutes, every machine type gifted to them was compromised with the researchers able to change hypothetical votes, play minesweeper and have the machines play videos.

Some of the machines could even be compromised remotely via wireless networks. It has been a pretty damning set of research and reinforces the point that with current technology no electronic voting machines cannot be 100% secure.

The ability to change thousands of votes just by messing with a spreadsheet and given the risk all organisations have against insider threats these machines cannot be considered physically secure either when not used in election season.

I’ll stick to my pen and paper for the time being.

Blog at WordPress.com.
Entries and comments feeds.