Return of the insecure Brazilian voting machines

The Bolsonaro-Trump Connection Threatening Brazil’s Elections
’There is no evidence of fraud’, says VVPAT-supporting professor to debunk presidential claims
In a blow to e-voting critics, Brazil suspends use of all paper ballots
Brazil’s voters worry about the integrity of their elections
Brazilian government reiterates e-voting security
Elections in Brazil: Fear of the urn

This talk presents a detailed and up-to-date security analysis of the voting software used in upcoming Brazilian elections by more than 140 million voters. It is mainly based on results obtained recently in a restricted hacking challenge organized by the Superior Electoral Court (SEC), the national electoral authority. During the event, multiple serious vulnerabilities (hard-coded cryptographic keys and insufficient integrity checks, among others) were detected in the voting software, which, when combined, compromised the main security properties of the equipment, namely ballot secrecy and software integrity. We trace the history of the vulnerabilities to a previous security analysis, providing some perspective about how the system evolved in the past 6 years. As far as we know, this was the most in-depth compromise of an official large-scale voting system ever performed under such severely restricted conditions.

Date
Mar 29, 2019
Location
USA, Singapore, Israel, Denmark