BERLIN (Reuters) - Germany’s election chief has urged state officials to address vulnerabilities in vote collation software, just weeks before a Sept. 24 election that officials fear could be subject to foreign interference.
Germans will vote on paper at polling stations or by mail in advance and the ballots will be counted and entered into a computer system, but two news reports published on Thursday cited concerns about the software, particularly the lack of an authentication step when results are transmitted.
Die Zeit said Martin Tschirsich, a 29-year-old computer expert, had been able to find passwords on the internet to gain access to the maintenance program for the “PC-Wahl” (PC-Election) software, which would allow it to be manipulated.
“The election is not secure. It can be hacked,” he told the weekly newspaper.
Similar concerns were raised by another IT expert in the online version of Der Spiegel magazine.
The reports come after repeated warnings from government officials that Russia could try to interfere in the election. French and U.S. intelligence officials say Moscow sought to influence recent votes there.
Russia denies the accusations.
Responding to the media reports, Federal Election Director Dieter Sarreither said he was familiar with the problems identified and had asked state officials and the software company, vote-iT, to take steps to shore up security.
vote-iT had no immediate comment.
The measures Sarreither demanded include the mandatory installation of software patches and the development of new steps aimed at ensuring the authenticity of the election results sent digitally, perhaps through telephone calls.
That would ensure that any errors in data transmission are recognized and corrected before preliminary election results are released, Sarreither said, adding that actual results could not be manipulated as they were based on paper ballots.
The security of the data was more important than the speed with which results were released, his office said.
Germany’s federal cyber protection agency, BSI, said it had worked closely with election officials and the software manufacturer to improve the security of election results.
“In the future, only information technology based on BSI-certified software should be used for election processes,” BSI chief Arne Schoenbohm said.
Reporting by Andrea Shalal; Editing by Robin Pomeroy