Arbitrary code execution in the Brazilian electronic voting machine

  • Diego F. Aranha Unicamp / UFCG / Hekima / UFPE / UFSCar
  • Pedro Barbosa Unicamp / UFCG / Hekima / UFPE / UFSCar
  • Thiago N. C. Cardoso Unicamp / UFCG / Hekima / UFPE / UFSCar
  • Caio Lüders Unicamp / UFCG / Hekima / UFPE / UFSCar
  • Paulo Matias Unicamp / UFCG / Hekima / UFPE / UFSCar

Abstract


Multiple serious vulnerabilities were detected during the last Public Security Tests of the Brazilian voting system. When combined, they made it possible to compromise the main security properties of the system, namely ballot secrecy and software integrity. The insecure storage of cryptographic keys, hard-coded directly in source code and shared among all machines, allowed full inspection of the contents of the software installation memory cards, after which two shared libraries missing authentication signatures were detected. Injecting code into those libraries opened the possibility of gaining complete control over the machine. As far as we know, this was the most in-depth exploitation of an official large-scale voting system ever performed during severely restricted tests.

Published
2018-10-25
ARANHA, Diego F.; BARBOSA, Pedro; CARDOSO, Thiago N. C.; LÜDERS, Caio; MATIAS, Paulo. Execução de código arbitrário na urna eletrônica brasileira. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 18., 2018, Natal. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 57-70. DOI: https://doi.org/10.5753/sbseg.2018.4243.