SysTest review shows problems in AES source code
The Computer Professionals Union (CPU) and Kontra Daya today came out with information on the contents of the review conducted by SysTest on the source code that will be used for the automated polls. The review exposes several problems in the source code that have heretofore not been publicly discussed or admitted by Comelec.
Some findings include:
- Database transaction code that can be improperly terminated.
- “At least one instance of an implemented database transaction completely lacking in the logic required to commit its database changes”
- The pattern of miswritten exception handling and erroneous transaction terminating logic is so widespread that it appears that the system authors used an incorrectly written template for such source code logic.
- “… the vendor made no efforts to correct any constructs not specifically identified to them.”
- Commands to add, update and delete existing database records lack enclosing transaction logic which may affect database contents and may possibly result in database integrity and other corruption issues.
- Lack of thorough functional path testing.
- Duplicate package class names between the REIS and EMS projects, which can confuse developers.
- Source codes are not properly commented. “The Ballot Production source code modules as submitted on 8 Feb 2010 did not have within themselves one single comment or internal documentation.”
- “Several of the logging functions in the Smartmatic CCS project appear to omit the inclusion of the time and date from the logged messages.” This omission results in audit log entries without timestamps.
- The Election Management Software (EMS) is susceptible to SQL injection.
- Passwords may be stored unencrypted in the EMS database.
- At least one instance of encryption keys explicitly coded into the source code, which can reveal them to anyone with access to the source.
- Remnants of programmer unit test code remain in the source.
- Mixed numeric variable types used in mathematical computations.
- Inaccurate memory management in the Election Programming Station.
- Logs on the PCOS can be overwritten
- PCOS does not log events when feeding ballots.
- “The reviewer was unable to verify that identity of the contacted wireless device was logged when the resident device made a connection.”
- Vote tally logic does not record undervotes in a normal fashion
- Election data may not always be properly encrypted before being stored.
- Certificate of Canvass and Statement of Votes documents are not always encrypted before transmission.
- The software inventory provided by Smartmatic is inadequate. One piece of software “contains a solicitation for beer” for the software’s creators, which brings the software’s credibility into question.
- When importing data into the CCS, security tokens can be turned off, allowing access to the whole CCS.
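The database findings above (a transaction that is opened but never committed, exception handlers that neither roll back nor report, add/update/delete statements with no enclosing transaction, and the EMS SQL injection) are easier to judge when their consequences can be observed. The following is an added example, not SysTest’s or Smartmatic’s code; it uses a throw-away SQLite file as a stand-in for the EMS/CCS database, and the table name `results`, its columns and the precinct values are constructed for the demonstration.

```python
"""Added example (not from the SysTest report or the Smartmatic code base):
reproduces, against a throw-away SQLite file, the transaction and SQL
injection defect classes described in the review. Table, columns and sample
rows are constructed for this demonstration."""
import os
import sqlite3
import tempfile

SCHEMA = ("CREATE TABLE IF NOT EXISTS results "
          "(precinct TEXT PRIMARY KEY, votes INTEGER NOT NULL)")


def fresh_db():
    """Create a new, empty database file and return its path (fixture)."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    conn.commit()
    conn.close()
    return path


def _connect(path):
    # isolation_level=None: the driver opens no implicit transactions, so the
    # only BEGIN/COMMIT/ROLLBACK in play are the ones written explicitly below.
    return sqlite3.connect(path, isolation_level=None)


def count_results(path):
    conn = _connect(path)
    try:
        return conn.execute("SELECT COUNT(*) FROM results").fetchone()[0]
    finally:
        conn.close()


def save_rows_missing_commit(path, rows):
    """The reviewed pattern: a transaction is opened and written but never
    committed, and the handler neither rolls back nor reports. SQLite discards
    the still-open transaction when the connection closes, so every row is
    silently lost and the caller believes the save succeeded."""
    conn = _connect(path)
    try:
        conn.execute("BEGIN")
        conn.executemany("INSERT INTO results VALUES (?, ?)", rows)
        # COMMIT omitted
    except sqlite3.Error:
        pass  # ROLLBACK omitted, error swallowed
    finally:
        conn.close()


def save_rows_autocommit(path, rows):
    """Inserts with no enclosing transaction. If the third row violates the
    key constraint, the first two stay written: the batch is half applied."""
    conn = _connect(path)
    try:
        for precinct, votes in rows:
            conn.execute("INSERT INTO results VALUES (?, ?)", (precinct, votes))
        return True
    except sqlite3.IntegrityError:
        return False
    finally:
        conn.close()


def save_rows_atomic(path, rows):
    """Corrected pattern: explicit BEGIN, COMMIT on success, ROLLBACK on any
    error, and the outcome is reported. Either every row is stored or none."""
    conn = _connect(path)
    try:
        conn.execute("BEGIN")
        for precinct, votes in rows:
            conn.execute("INSERT INTO results VALUES (?, ?)", (precinct, votes))
        conn.execute("COMMIT")
        return True
    except sqlite3.Error:
        if conn.in_transaction:
            conn.execute("ROLLBACK")
        return False
    finally:
        conn.close()


def lookup_unsafe(path, precinct):
    """EMS-style SQL injection: user input is pasted into the query text."""
    conn = _connect(path)
    try:
        sql = "SELECT precinct, votes FROM results WHERE precinct = '%s'" % precinct
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


def lookup_safe(path, precinct):
    """Parameterised query: the input is bound as data, never parsed as SQL."""
    conn = _connect(path)
    try:
        return conn.execute(
            "SELECT precinct, votes FROM results WHERE precinct = ?",
            (precinct,)).fetchall()
    finally:
        conn.close()


if __name__ == "__main__":
    db = fresh_db()
    save_rows_missing_commit(db, [("001A", 120), ("001B", 95)])
    print("rows after missing COMMIT:", count_results(db))
    print("autocommit batch ok?",
          save_rows_autocommit(db, [("002A", 50), ("002B", 60), ("002A", 1)]))
    print("rows after half-applied batch:", count_results(db))
    print("atomic batch ok?", save_rows_atomic(db, [("003A", 10), ("003A", 11)]))
    print("rows after rolled-back batch:", count_results(db))
    print("injected lookup:", lookup_unsafe(db, "' OR '1'='1"))
    print("bound lookup:", lookup_safe(db, "' OR '1'='1"))
    os.remove(db)
```

Running the script shows the three outcomes side by side: the missing-COMMIT path stores nothing while reporting no error, the autocommit path leaves a partial batch behind, and only the atomic path keeps the table consistent and tells the caller what happened. The injected lookup returns every row with the unsafe query and nothing with the bound one.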
“Erroneous programming on the database can lead to serious problems in data corruption and integrity. Transmission of data is not always encrypted and this can be exploited to manipulate results,” said Rick Bahague of CPU and Kontra Daya.
Bahague said that the source code also revealed hasty programming with inadequate comments on the source code, test variables that were not deleted, and inaccurate memory management. It also found that audit log entries are not always recorded with a proper timestamp.
“There is also some concern on how the machine will read undervotes. The review cautioned against the non-standard treatment of undervotes, which can lead to exclusion of such votes during counting,” Bahague said.
“While the SysTest review pointed out ‘minor’ errors, it has strongly recommended operational safeguards which, if not properly implemented, will seriously affect the accuracy of the results,” he added.