The Swiss government will make available its future electronic voting system for public penetration tests, and now invites companies and security researchers to participate in it.
“Interested hackers from all over the world can attack the system,” the government said. “At the same time, they will contribute to improving the security of the system.”
The public penetration tests (PIT) will be carried out from February 25 to March 2, and cash prizes in the amount of $ 100 to $ 30,000 are available according to the following table (1 CHF is approximately $1):
|Category||Minimum compensation in CHF|
|Best Practice (uncritical optimisation possibilities)||100|
|Intrusion into the e-voting system||1,000|
|Corrupting votes or rendering them unusable||5,000|
|A successful attack on voting secrecy on the servers||10,000|
|Manipulation of votes detected by the system||20,000|
|Undetected manipulation of votes||30,000 – 50,000|
On the last day of the trial period, on March 24, a fictitious electronic voting session is scheduled, but participants can also attack the electronic voting system.
To participate, companies and security researchers must register before the official start of the PIT session. The registry will grant participants legal permission to attack the system, ensure that they receive cash rewards for those who report the problem for the first time and ensure compliance with a set of rules and restrictions for participants.
For example, some of the things that PIT members cannot do is carry out attacks that could damage the voter’s personal device or attack unrelated systems belonging to the Swiss Post, the creator of the electronic voting system.
The Swiss Post will help you by deactivating some protections that generally protect the electronic voting system, “so that the participants can concentrate fully on attacking the main system”.
In addition, the Swiss Post will also allow PIT participants to request as many electronic voting cards as they need for their exams, and provided the source code of their electronic voting system to GitLab participants.
The Swiss authorities also hired the Swiss company SCRT SA as an independent third party that will review the vulnerability reports that the participants send before sending the vulnerabilities to the Swiss Post.
The Swiss government has decided to conduct public penetration tests on its electronic voting system to increase confidence in the security of these systems.
At the end of January, a committee of politicians and computer experts took the initiative to ban electronic voting in Switzerland for at least five years. This group expects to collect more than 100,000 signatures in the coming months to begin legal proceedings to prohibit electronic voting.
The Swiss government has declared that the electronic voting system has already passed more than 300 private tests.
According to officials, electronic voting will facilitate voting for Swiss citizens living abroad. The final plan is to carry out electronic voting as an official method of voting, in addition to voting at the polling station and by mail.