The Russian voting system for Moscow's municipal elections
This is considered to be a first at this level. Indeed, the security flaw was discovered by a French computer security researcher. The most intriguing thing in history is that the voting system was based on a blockchain system. Indeed, it is considered to be a safe technology. It seems that this is now to be put into perspective.
This article may also interest you: ESET discovers a spy software called "Varenyky"
The voting system in question was designed by a Russian national institution specifically "the Moscow Information Technology Department". It was expected that the voting system would be put into service precisely on September 12. This was to coincide with the official vote. For a specific period of 12 hours.
It was anticipated that, at the time of deployment, once the system was active, the population would be able to vote regardless of where it was via the phone, personal computer or any other device with Internet access. The system allows them to identify themselves cryptographically via the Ethereum blockchain interface.
It is a system that extends to everyone whether it is people being there in Russia or travelling outside the country. All you had to do was register in advance. This had the merit of encouraging people who abstained from voting. When the system is deployed, it will be the first computer system that will have allowed Internet voting in the city of Moscow. Especially as the vote on which it will be tested in the presence of several legal constraints.
For the flaw that has been discovered, it is noted that a fix is being prepared to be proposed as soon as possible. The system was tested by a French cybersecurity specialist. He had the opportunity to sift through the lines of code in this program. This is possible because the program had published its source code on the GITHub platform during the month of July and had asked where to look to help them find potential flaws.
The department responsible for the design of the system, after the discovery of the fault automatically set up a team to fill it. It then proposes as an alternative use of a private security key. Asked about the alternative of the key, the spokesperson of the institution admits: "We strongly agree that the private key length of 256×3 is not sufficient… This implementation was only used during a trial period. In a few days, the length of the key will increase to 1024.».
The researcher behind the discovery of the fault also claims not to understand the choice of the department responsible for the design of the system because he believes that the security measure proposed by this institution is particularly weak. He states with certainty that the use of the private key of a 1024-bit length will not suffice. Attivo Networks expert Chris Roberts says he doesn't understand the choice himself. "Why would the developers of the platform choose a low length in the first place is obviously a question. Is it a lack of knowledge and understanding? Or just try to maximize speed and efficiency or something else."
Now access an unlimited number of passwords: