SecurityWeek

Application Security

Internet Voting Security Risks Highlighted by New Wireless Router Attack

Researchers have published a paper detailing a new attack method that can be leveraged to silently modify the digital ballots used in the Internet voting process.

In Estonia, people have been able to vote over the Internet since 2005, and the United States has also conducted some tests over the past years. Online voting was used in Alaska in 2012 and 2014, and in New Jersey in 2012 due to the impact of the Sandy superstorm. Washington D.C. also developed a system in 2010, but the project was abandoned after it was hacked by researchers.

One of the proposed voting systems involves digital ballots in PDF format. People fill out the forms and send them via email to a specified address. The ballots are printed and counted by hand or with an optical scanner. This type of mechanism is currently used in Alaska, but it was also used in New Jersey and in Washington D.C. as a fallback system.

Attack description and implementation

According to Daniel M. Zimmerman and Joseph R. Kiniry, researchers at Galois, Inc., this type of mechanism is vulnerable to several types of attacks. Malicious actors can use malware to modify or invalidate votes, and third parties can pose as the legitimate election authority or they can launch DDoS attacks against the organization to prevent votes from being cast.

However, the attack described by the researchers occurs at the transport level and involves hacking into the targeted users’ routers. The method they presented in their research paper allows the attacker to change the vote after the ballot has been sent via email to the election authority. The attack is dangerous because it is difficult for both the voter and the election authority to detect.

In order to modify the vote cast by the user without invalidating the file, the attackers must change certain strings within the PDF. Successful tests have been conducted on several popular PDF viewer applications such as Adobe Acrobat Pro XI, Apple Preview, Google Chrome, Gmail (on all browsers), Mozilla Firefox, Safari and Skim.

The PDF documents are not tampered with while they are stored on the victim’s computer. Instead, the attack is carried out by modifying one or more TCP packets of the email attachment after it’s sent by the user’s email client and before it reaches the election authority.

Researchers have achieved this by changing the firmware on the victim’s wireless router. For their tests, they’ve selected an off-the-shelf home router.

“Nearly all such routers on the market today are based on embedded versions of the Linux operating system and therefore, in accordance with the GNU General Public License, the source code for their firmware is freely available,” the researchers explained.

They have downloaded the source code for their test router’s firmware and made a small modification (less than 50 lines of code) to the part of the kernel that handles packet transmission. The new firmware looks very similar to the original one. The only differences are the slower TCP connections on standard email submission ports (25 and 587), and the fact that certain sequences of bytes sent to these ports are replaced with different sequences.

Researchers believe it would take a detailed inspection of the compiled code or a detailed analysis of the router’s traffic handling to notice that the firmware is not genuine. Performance is negatively impacted, as the TCP connections to these ports are 25% slower, but the experts argue that users don’t usually monitor the speed of their outgoing messages when using email clients.

In order to get the modified firmware on the targeted router, an attacker can leverage one of many vulnerabilities, such as the recently disclosed flaw affecting ASUS routers. Another way to install the malicious firmware is to drive around in a neighborhood and gain access to network connections and router administration interfaces by leveraging the fact that many users set easy-to-guess passwords and don’t change the default credentials, researchers said.

Mitigating attacks

The researchers have suggested three possible mitigation strategies: signing or encrypting the PDF file before it’s sent to the election authority, encrypting the connection to the SMTP server, and more secure router firmware update mechanisms.
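The first mitigation, checked on the receiving side, is shown below as an added example (not code from the paper or from SecurityWeek): the election authority recomputes an integrity tag over the attachment bytes before the ballot is printed. It assumes a pre-shared key and uses HMAC-SHA256 from the Python standard library as a stand-in for a real digital signature such as S/MIME or OpenPGP; the `X-Ballot-Tag` header name, the addresses and the sample ballot bytes are constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_bytes, policy
from email.message import EmailMessage

TAG_HEADER = "X-Ballot-Tag"  # hypothetical header name, not from the paper

def make_tag(pdf: bytes, key: bytes) -> str:
    """Integrity tag over the exact attachment bytes (HMAC stand-in for a signature)."""
    return hmac.new(key, pdf, hashlib.sha256).hexdigest()

def build_submission(pdf: bytes, tag: str) -> bytes:
    """Voter side: wrap the ballot and its tag in a MIME message."""
    msg = EmailMessage()
    msg["From"] = "voter@example.org"
    msg["To"] = "ballots@example.org"
    msg["Subject"] = "Completed ballot"
    if tag:
        msg[TAG_HEADER] = tag
    msg.set_content("Ballot attached.")
    msg.add_attachment(pdf, maintype="application", subtype="pdf",
                       filename="ballot.pdf")
    return msg.as_bytes()

def verify_submission(raw: bytes, key: bytes) -> bool:
    """Election-authority side: recompute the tag before the ballot is printed."""
    msg = message_from_bytes(raw, policy=policy.default)
    tag = str(msg.get(TAG_HEADER, "")).strip().encode("utf-8", "replace")
    for part in msg.iter_attachments():
        if part.get_content_type() == "application/pdf":
            pdf = part.get_content()  # decoded attachment bytes
            return hmac.compare_digest(make_tag(pdf, key).encode(), tag)
    return False  # no ballot attached: reject

# Constructed sample data (not a real ballot or key).
KEY = b"constructed-demo-key"
BALLOT = b"%PDF-1.4\n1 0 obj << /T (Choice) /V (Candidate A) >> endobj\n%%EOF\n"
# Same-length change of the kind the article describes happening in transit.
ALTERED = BALLOT.replace(b"Candidate A", b"Candidate B")

def demo() -> dict:
    tag = make_tag(BALLOT, KEY)
    return {
        "untouched": verify_submission(build_submission(BALLOT, tag), KEY),
        "altered": verify_submission(build_submission(ALTERED, tag), KEY),
        "tag_removed": verify_submission(build_submission(BALLOT, ""), KEY),
    }

if __name__ == "__main__":
    print(demo())
```

A missing tag is rejected rather than accepted, so removing the header in transit does not bypass the check.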

“The overall conclusion is inescapable: unencrypted PDF ballots sent via electronic mail can be altered transparently, potentially with no obvious sign of alteration, and certainly with no way to determine where on the network any alterations took place or the extent to which votes have been corrupted. This method of vote submission is inherently unsafe, and should not be used in any meaningful election,” the researchers wrote in their paper.

In Estonia, over 100,000 people used the Internet to cast their votes in the European Parliament elections in May 2014. Just two weeks before the vote, security researchers warned Estonian authorities that the system contained serious vulnerabilities which could be tempting for a state-level actor such as Russia. However, the country’s electoral commission dismissed the reports, claiming they were confident in the system’s security.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
