The District of Columbia is testing a system to allow overseas military personnel to submit absentee electronic ballots via the internet. Obviously security is a major concern, and they followed a suggestion often made by the security community: open the system to the public and allow white-hat hackers to try to find exploits. Here is the account of one team who participated and found a vulnerability within 36 hours.
By formatting the string in a particular way, we could cause the server to execute commands on our behalf. For example, the filename “ballot.$(sleep 10)pdf” would cause the server to pause for ten seconds (executing the “sleep 10” command) before responding. In effect, this vulnerability allowed us to remotely log in to the server as a privileged user.
As a result, deployment of the system has been delayed.
This is exactly the kind of open, public testing that many of us in the e-voting security community — including me — have been encouraging vendors and municipalities to conduct.
But it could have turned out differently. If a black-hat got there first, they could fix the vulnerability after first leaving themselves a backdoor. Then the test comes out looking like a success, it goes live, and …
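The filename flaw quoted above is shell command injection: the name reached a shell as part of a command string. The following is an added example, not code from the DC system or from the team's account, showing the flawed pattern beside two fixes. It assumes a POSIX shell; `echo` stands in for whatever tool the server ran on the upload, and the function names and sample filename are hypothetical.

```python
import re
import subprocess

# Constructed sample modelled on the filename quoted above, with a
# harmless echo in place of sleep so the effect shows up in the output.
SAMPLE = "ballot.$(echo INJECTED)pdf"

# Allow-list for uploaded names: one plain stem plus ".pdf", nothing else.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.pdf")


def process_unsafe(filename):
    """Flawed pattern: the filename is pasted into a shell command string."""
    # 'echo' is a stand-in (assumption) for the server-side tool.
    result = subprocess.run("echo processing " + filename, shell=True,
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


def process_safe(filename):
    """Fix 1: pass the filename as one argv element; no shell parses it."""
    result = subprocess.run(["echo", "processing", filename],
                            capture_output=True, text=True, check=True)
    return result.stdout.strip()


def is_acceptable(filename):
    """Fix 2: reject anything outside the allow-list before using it."""
    return SAFE_NAME.fullmatch(filename) is not None


if __name__ == "__main__":
    print("unsafe:", process_unsafe(SAMPLE))   # substitution was executed
    print("safe:  ", process_safe(SAMPLE))     # name treated as plain data
    print("valid: ", is_acceptable(SAMPLE))    # rejected by the allow-list
```

Storing uploads under a server-generated name removes the client-supplied filename from the command entirely, so the two fixes above become a second layer rather than the only one.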