Do Trojan horse and watering hole attacks pose a risk to e-voting?

31.05.2018

Patrick Pleinevaux, Principal Security Architect, Kudelski Security.

Malware attacks are common on the Internet and they can take different forms. Here we will look at Trojan horse and watering hole attacks in the context of e-voting.

Trojan horse and watering hole attacks

A Trojan horse attack uses a malicious application that Internet users download and install without realizing that it will secretly spy on what they are doing. Such attacks are common on smartphones and tablets, particularly on Android, but can also be carried out on personal computers such as Windows PCs or Macs. A Trojan horse attack may be of interest to an organization seeking to influence an electronic vote or election because it can target a specific group more easily than a phishing attack.

A second type of attack that is equally difficult to detect uses a method called the “watering hole”. This involves corrupting a legitimate website – for example, a regional or national newspaper – in order to compromise the computers of visitors to the site. Once compromised, the computer runs malware which can spy on the user’s actions, change the information sent by a PC or render the whole computer unusable. Such attacks have been used for years, mainly to compromise Windows PCs without the victim realizing what is happening. The name “watering hole” is a reference to the ambushes carried out by wild animals on their prey near watering holes, places the prey have to use.

Does this pose a risk to e-voting?

In the case of e-voting, attackers might have two objectives:

  1. To find out how somebody has voted.
  2. To change a vote.

Could ballot secrecy be violated on a PC, smartphone or tablet? Yes, it could, by using malware in attacks such as the ones described here. A significant breach of confidentiality is nevertheless unlikely for the following reason: the large number of voting channels available makes such attacks expensive for attackers. They would have to simultaneously attack Android smartphones, iOS smartphones, Windows PCs and Macs, which involves a great deal of work as methods vary for the different platforms. Secrecy is not completely guaranteed when we vote by post or push our envelope through the municipality’s letter box either. There is nothing to prevent the ballot from being intercepted.

As far as the integrity of the vote is concerned, it would be extremely difficult for an attacker to change the vote on the terminal used, whether it is a PC, tablet or smartphone. The protocol used by a system with individual verifiability and various codes inserted at different stages of the vote makes it almost impossible for attackers to succeed. Voters are able to detect any vote manipulation by comparing the choice codes displayed on the screen with those on the voting card. It would also be extremely expensive for attackers, seeing as they would need to attack a large number of people to make an impact on the outcome of the election or vote.
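The choice-code comparison described above can be modelled in a few lines. This is an added, simplified illustration, not the code or protocol of any real e-voting system; the 4-digit codes, the option names and all class and function names are assumptions.

```python
import secrets

OPTIONS = ["YES", "NO", "BLANK"]  # constructed ballot options


def issue_voting_card(options):
    """Printing office: one unique random 4-digit choice code per option."""
    codes = set()
    while len(codes) < len(options):
        codes.add(f"{secrets.randbelow(10_000):04d}")
    return dict(zip(options, codes))


class VotingServer:
    """Holds each voter's code table; the voting terminal never sees it."""

    def __init__(self):
        self.code_tables = {}
        self.received = {}

    def register(self, voter_id, card):
        self.code_tables[voter_id] = dict(card)

    def cast(self, voter_id, option):
        # The code returned is for the option that actually arrived.
        self.received[voter_id] = option
        return self.code_tables[voter_id][option]


def honest_terminal(server, voter_id, choice):
    return server.cast(voter_id, choice)


def infected_terminal(server, voter_id, choice, forced="NO"):
    # Models the manipulation discussed in the article: the submitted vote
    # is replaced. The terminal has no access to the paper card, so it can
    # only show the code the server returns for the replaced option.
    return server.cast(voter_id, forced)


def voter_check(card, intended, code_on_screen):
    """Voter compares the on-screen code with the card entry for their choice."""
    return card[intended] == code_on_screen


def run_demo():
    server = VotingServer()
    card = issue_voting_card(OPTIONS)
    server.register("voter-1", card)
    ok = voter_check(card, "YES", honest_terminal(server, "voter-1", "YES"))
    bad = voter_check(card, "YES", infected_terminal(server, "voter-1", "YES"))
    return ok, bad
```

Because every option on a card has a distinct code, the code shown after a substituted vote cannot match the one printed next to the voter's intended choice.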

How to avoid becoming a victim of such an attack

Rules to follow so that you avoid becoming a victim of such an attack during e-voting:

  1. Use the verification codes properly as explained in the blog on phishing.
  2. Do not download applications onto smartphones or tablets from unofficial app stores. Most Trojan horses used to attack these devices are found in unofficial app stores.
  3. Do not download programs onto PCs or Macs from little-known sites, however interesting they may seem.
  4. Always install security updates on your devices (smartphones, tablets, PCs and Macs) as soon as they become available. “Watering hole” attacks exploit vulnerabilities in software, regardless of whether it is a browser or an operating system.