Cyber security association warns against PVC hacking
National President, Cyber Security Association of Nigeria (CSEAN), Mr. Remi Afon has said the Permanent Voters Card (PVC) issued by the Independent National Electoral Commission (INEC) is prone to hacking.
Remi said except the commission improve on its cyber security measures, the PVC could be hacked by cyber criminals for the benefit of selfish politicians.
The CSEAN President disclosed this at the recent eNigeria 2015 conference organised by Nigeria Information Technology Development Agency NITDA in Abuja.
In the topic titled, \’Contending The Next Cyber Security Threat in Nigeria, Hack The Vote\’, Afon explained that the Android Operating System 4.2.2 currently adopted by INEC was prone to alteration, stressing that a blank card could be used to copy information on an already existing PVC.
\’As politicians and political parties have their eyes and ambitions on general election come 2019, what many do not know is that come election day, hackers could be the ones whose votes have the biggest impact.
\’Android 4.2.2 is known to have multiple vulnerability. Android master key vulnerability is a critical condition that affects an estimated 99 per cent of the android devices in operation. It could allow attackers to use exploit code to easily infect devices with a malware.\’ Afon said.
In what he described as cryptography, the CSEAN stated that the card reader reads embedded chip on the PVC, shares secret code with the PVC but such \’crypto portion can be found and reconstructed\’.
Afon said during the PVC authentication process by the Card Reader, security researchers found that there is a way to perform man-in-the-middle attacks on chip cards by compromising the sub process, which determines the authentication required by the CR.
However, he recommended INEC should embrace a new cyber security strategy and partner certification agencies such as Standard Organisation of Nigeria (SON) to properly test CR for vulnerability.
Afon called for research into security assessment of PVC card readers and the process of voters\’ authentication with a vie of finding vulnerabilities ahead of hackers and design counter measures.
He urged the commission to avoid literary acceptance of manufacturers\’ claim on security of CR.
Afon emphasised the importance to adopt the moves ahead of the 2019 election.
He attributes cyber crime as potential threat in the forthcoming 2019 election which all political and information communication technology ICT stakeholders should be aware.