The Superior Electoral Court (TSE) closed this Friday (13) the second phase of the public security test (TPS) of the electronic system for this year’s elections. The test is a standard procedure performed since 2009.
According to the court, the vulnerable points that were found by the investigators in the first phase, held in November last year, were corrected and the secrecy of the vote and the totalization of the investigation were not violated.
In the security test, the TSE, the body responsible for the elections, invited investigators from several institutions to carry out 29 plans to attack the electronic voting equipment.
Attempts to circumvent the security system took place through the availability of the source code, a procedure in which the court hands over to the participants the key for programming the machines that make up the urn, such as the components that make the reception and transmission and verification of the wishes.
In November last year, of the 29 attacks, five were successful, but none of them managed to attack the software responsible for the operation of the ballot box and the application for storing the names of voters and candidates.
At the time, Federal Police (PF) experts entered the TSE data network, but were unable to change system data.
Other teams of investigators considered that it would be possible to introduce a false panel in front of the ballot box, with the aim of breaking the secrecy of the vote. In addition, the secrecy of the vote of people with visual impairments could also be broken in the case of coupling a bluetooth device to the headphone output.
Investigators were also able to bypass a security barrier in data transmission, but were stopped by another security door on the court’s network.
After the first phase, the TSE gathered its technicians to seek solutions to the problems found by the investigators and present them this week, in the second phase of the TPS.
According to Sandro Nunes Vieira, assistant judge for the presidency of the TSE, the investigators repeated the attacks, but were not successful, because all five vulnerabilities were fixed. According to Vieira, the secrecy of the vote and of the entire system was not violated in the two phases of the tests.
“The attack plans that were successful in November, have had improvements implemented by the TSE, and the problems found by investigators in the first phase of the test have been solved”, said the judge.
The first round of elections will be held on October 2 to choose the President of the Republic and governors, senators, federal, state and district deputies. In an eventual second round in the presidential race and in the election of governors, the new vote will be on October 30.
