Posts

Showing posts with the label e-voting

A Swiss E-Voting Mystery: USB Glitch or Sabotage?

Imagine that you're a member of an electoral board, and the cryptographic materials required to decrypt votes, coming from an e-voting system, are stored on a USB key that happens to fail. But wait... because another USB key fails, and then another one... That's precisely what happened in the Swiss canton of Basel, now under a criminal investigation for possible electoral fraud. A glitch, or something else? Let's try to untangle an interesting incident involving cryptography, politics, e-voting, and USB keys.

Index Swiss Post E-Voting System The Basel Incident USB keys: a prominent attack vector. What did these 3 USB keys contain? A plausible scenario Once-in-a-lifetime Glitch or Sabotage? Conclusions Summary

The reason I'm writing about this incident is because in recent years I've spent a significant amount of time studying and trying to break the Swiss Post e-voting system, which was u...

Finding vulnerabilities in Swiss Post's e-voting system: part 3

Exactly two years ago I brought my blog back to life, after many years of hiatus, with "Finding vulnerabilities in Swiss Post’s future e-voting system - Part 1". That was the first of a series of blog posts covering that system. During these two years I've been periodically assessing the security posture of this e-voting solution, as part of their Bug Bounty program, which I personally recommend.

Since the first time I reviewed their codebase a lot of things have changed, for good, as many areas have been dramatically improved. To be honest, from a security perspective the codebase back then was kind of a mess.

When the first Swiss Post e-voting platform was published, back in 2019, it faced some public scrutiny, mostly from the academic community. As a result, some significant issues were uncovered, so eventually Swiss Post decided to suspend the deployment of the system. That first version had been developed by Scytl, a Spanish company specializ...