Monday, November 23, 2009

Brazilian Voting Machine Attacked Via Radio Monitoring

I'd like to make one point before diving into the details. And this is the reason why I am posting this story. Attackers are very clever. If you are designing a critical system that will be exposed to large numbers of people or handle sensitive transactions, then make sure you are approaching security correctly. Develop threat models, ensure secure design practices are used, train your developers to code securely, test your application for flaws, etc. Security is an entire process and mindset, not just something you can "address at the end". If you skip out on any of these items then it is just a matter of time before an attacker finds and exploits a security flaw.

And now, on to the story....

To test the new voting systems in place in Brazil, Tribunal Superior Eleitoral (TSE) hosted a hacking challenge. The team which most effectively violates the security of the system would win 5,000 R$.

The results are now in and it looks like the system did pretty well overall. Initially it was reported that none of the contestants were able to compromise the systems security. However, it was eventually revealed that one contestant, Sergio Freitas da Silva, was able to compromise the secrecy of votes by monitoring radio waves emitted as the user typed on the keyboard (Van Eck Phreaking)
"As I typed in the ballot box, tracked by radio to see if it detects any interference. I was able to track the interference that caused the wave, recording a WAV file with these sounds," he explains.

Sergio explained that after recording the sounds the buttons of the electronic ballot box have on the wave you can decode the sounds, which lead to the discovery of the candidates chosen by voters, shattering his confidence. [article]

There was some push back on the validity of this attack since it required the observer to be in close proximity to the system as the user typed on the keyboard. Sergio made the argument that a strong antenna and higher quality monitoring equipment would allow the attacker to observe from much greater distances.

Let's put things in perspective though. This is not a new attack. The Van Eck Phreaking attack has been documented since at least 1985 and the impacts of electronic emanations have been studied since at least the 1960s (TEMPEST). None-the-less, my hat is off to all of the contestants. Its only through challenges like this and secure code review that we can begin to uncover security flaws present in these critical systems.

-Michael Coates