
VULNERABILITIES WITH PROPOSED RFID E-VOTING INITIATIVE IDENTIFIED BY ALGOSEC CTO

Research Conducted at Tel Aviv University by Dr. Avishai Wool Reveals Multiple Attack Vectors for Disrupting New Voting Technology

Reston, VA, April 20, 2010 – Dr. Avishai Wool, co-founder and CTO of AlgoSec®, the leading provider of firewall operations and security risk management solutions, recently identified a number of vulnerabilities associated with a new RFID-based Israeli e-voting system. From labs in the School of Electrical Engineering at Tel Aviv University where he is also a professor, Dr. Wool and his students uncovered the vulnerabilities after security testing and analysis of the new e-voting system.

Under the proposed e-voting system, introduced by the Finance Ministry last year, voters hold an empty smart card against a voting terminal (computer) as they select their desired candidates. Through RFID, the empty smart card is populated with the cardholder’s votes. Upon completion, the voter inserts the smart card into a ballot box, and election officials verify whether there is a discrepancy between the figures recorded by the computer and those in the smart cards.

Dr. Wool, who has also assisted in securing RFID technology used today in American passports, and his team built homemade hacking devices out of simple, cheap materials like disposable cameras and copper pipes from cooking appliances that were capable of disrupting the cards' radio frequency (RF) signals. Their work was presented at the IEEE RFID conference in Orlando, FL, just last week.

“RFID-based e-voting is not used in any other country and there’s a reason: at its current stage, the technology is simply not secure enough,” said Dr. Wool. “For all its technological sophistication, the system can quickly be rendered useless by even amateur hackers with minimal RF knowledge and a few household materials.”

In his lab, Dr. Wool and his students Yossi Oren and Dvir Schirman assembled three different attack mechanisms for disrupting the new e-voting technology. One mechanism was an RFID “zapper” made from a disposable camera. Dr. Wool and his team replaced the camera’s bulb with an RFID antenna to create an electromagnetic pulse capable of destroying data on nearby RFID chips such as ballots. "In a voting system, this would be the equivalent of burning ballots — but without the fire and smoke," said Dr. Wool.

A second attack “jammed” the radio frequencies that read the smart card. The card’s transmissions, though designed to be read by a receiving antenna no more than 2 inches away, can be blocked from more than 20-30 meters away using a low-energy transmitter powered by something as simple as a car battery. In this way, entire voting centers could feasibly be taken offline by hackers across the street.

Another, much more sinister and sophisticated attack demonstrated by Dr. Wool is a “relay attack,” which confuses a voting station into believing it is communicating with an RFID ballot when in fact it is being sent a false communication from a hacker using homemade transmission equipment.
 


