Hacking Email Voting: Convenience Comes with a High Price

Technology is engulfing our society. An example of this would be the ability to cast your vote in elections by an email. Without a doubt, there are some great advantages to it. Whether you’re traveling abroad or simply cannot personally attend, it’s easy to understand why voters would prefer it over the old-fashioned voting process.

What doesn’t usually cross people’s minds is the possibility of vote hijacking or manipulation. In a recent paper, researchers Dan Zimmerman and Joe Kiniry of Galois, examine just that. In the report, they claim that online voting by email “permits a single hacker to remotely manipulate the outcome of any election.” As you download the ballot, or send your answers in, the data flows through a number of unknown computers on its way back to the government.

The vote can be modified by:

  • Infecting the PDF voting ballot on its way to you
  • Viruses already on your computer can be used to change your vote
  • Intercepting the traffic on its way out

This way, the outcome of an entire election can be changed by essentially a single hacker. The team say that by hacking your router (which can be done from anywhere in the world) and changing its software, an attacker can easily change your vote on its way out. What’s worse, this action can be automated and applied to large amounts of voters, thus altering the outcome of the election. Galois says developing an effective method to pull of this sort of attack only took a couple of days and is almost impossible to detect.

Although there’s some convenience benefits to online voting, it might just be a better idea to vote the “good ol’ way” – by appearing in person as our ancestors did for ages.