Blog: D.C. Web Voting Flaw Could Have Led to Compromised Ballots

D.C. Web Voting Flaw Could Have Led to Compromised Ballots
Computerworld (10/06/10) Jaikumar Vijayan

University of Michigan researchers recently found a major security flaw in Washington, D.C.'s new Digital Vote by Mail system, which enabled them to access, modify, and replace marked ballots in the system. The shell injection flaw in the ballot upload function allowed the researchers to access usernames, passwords, and the public key used to encrypt ballots, according to Michigan professor Alex Halderman. He also says the researchers were able to install a backdoor on the server, which enabled them to view the recorded votes and the names of the voters. "If this particular problem had not existed, I'm confident that we would have found another way to attack the system," Halderman says. The Digital Vote by Mail system is designed to let military personnel and overseas U.S. civilians receive and cast ballots over the Internet using a pre-provided PIN to authenticate themselves. In response to the discovery of the security flaws, D.C.'s Board of Election and Ethics announced that voters will not be allowed to use Digital Vote by Mail to send back ballots.

View Full Article