Ethical hackers invited to stress test election infrastructure
Switzerland’s federal postal service is inviting ethical hackers to test its electronic voting (e-voting) system for vulnerabilities in the latest installment of its bug bounty program.
Swiss Post is asking bug bounty hunters to attack its online voting infrastructure for a period of four weeks, with the aim of identifying security flaws.
A maximum bounty of CHF30,000 ($31,500) will be awarded for accepted bug submissions, which will be managed by France-based vulnerability disclosure platform YesWeHack.
This latest round of tests will run until September 2, 2022. Hackers will encounter the very same infrastructure that will be used when the system goes live, says Swiss Post.
Swiss Post will provide sample voting cards for the public intrusion test, enabling bug hunters to simulate the vote casting process accurately on the voting portal and carry out a targeted attack on the system.
“This means that, for the first time, they can accurately simulate and target the vote casting process on the voting portal using sample voting cards,” a press release from Swiss Post reads.
As previously reported by The Daily Swig, the Swiss government announced it would invite ethical hackers to stress test its e-voting systems back in 2019.
The same year, the Swiss Federal Council suspended its plans to bring e-voting into regular operation in Switzerland after concerns surrounding the security and integrity of one online voting system were raised.
Swiss Post later announced it would open up the source code and invite hackers to test its online voting system. However, this was shut down before the planned public intrusion test had even started after the discovery of flaws that could lead to undetectable vote manipulation among other shortcomings.
Swiss Post expects its e-voting infrastructure to be ready for use by 2023.