A Swiss E-Voting Mystery: USB Glitch or Sabotage?

Imagine that you're a member of an electoral board, and the cryptographic materials required to decrypt votes coming from an e-voting system are stored on a USB key that happens to fail. But wait... because another USB key fails, and then another one... That's precisely what happened in the Swiss canton of Basel, now under a criminal investigation for possible electoral fraud. A glitch, or something else? Let's try to untangle an interesting incident involving cryptography, politics, e-voting, and USB keys.

Index
Swiss Post E-Voting System
The Basel Incident
USB keys: a prominent attack vector.
What did these 3 USB keys contain?
A plausible scenario
Once-in-a-lifetime Glitch or Sabotage?
Conclusions

Summary

The reason I'm writing about this incident is that in recent years I've spent a significant amount of time studying and trying to break the Swiss Post e-voting system, which was u...

TL;DR

This post describes the conditions and technical details that enable Adversary-in-The-Middle (AiTM) attacks against Signal when Censorship Circumvention is enabled. However, despite the ability to decrypt TLS traffic between the target and the Signal backend, the end-to-end encryption (E2EE) scheme implemented by Signal prevents attackers from accessing user content such as conversations, audio, attachments, etc., which remains securely encrypted. In simple terms, enabling Censorship Circumvention does not affect the E2EE layer.

The resources required to exploit these issues are limited to nation-states. Unless you're either a high-value individual (or part of their inner circle) for nation-state or state-sponsored actors, or a citizen/journalist/activist in an authoritarian country that is closely aligned with others possessing, let's say, certain expertise, you're realistically nowhere near being a potential target. Censorship circumvention may not be perfect, but it is vi...