The Security Issues In The Indian Election System

  1. It is not only possible, but extremely easy to retrieve the PDF electoral rolls for every state and union territory in India, which contain the personal information of every registered voter.
  2. These PDFs can then be processed in a matter of minutes to produce details like addresses, names, father’s name, gender, age and voter ID number for every single registered voter of India.
  3. Nearly 25% of the Voter IDs assigned within Delhi alone fail to conform to the government format, and fail the Luhn Checksum test (explained in part 2) used to validate them. It is likely that other states are in a similar, if not worse condition.
https://gist.github.com/RaghavSood/10208333
python delhidownload.py
https://gist.github.com/RaghavSood/10209367
python delhipdftotext.py
https://gist.github.com/RaghavSood/10209858
https://gist.github.com/RaghavSood/10210034
  1. 13 alphanumeric character sequence of the order XX/00/000/000000
  2. Different parts are separated by an oblique (/)
  3. The first part consists of two letters denoting the state
  4. The second part consists of two digits denoting the parliamentary constituency
  5. The third part consists of three digits denoting the assembly constituency
  6. Finally, the fourth and last part consists of 6 digits which form a running serial
  1. 10 alphanumeric character sequence of the order XXX000000C
  2. The first three characters are letters, and represent the area in which the ID was first assigned
  3. The following six characters are a running serial
  4. The 10th character is a checksum for the first 6, calculated using the Luhn Checksum Algorithm, which is the same algorithm used to check the last digit of credit cards.
https://gist.github.com/RaghavSood/10212508
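
A format-and-checksum audit for the two ID layouts described above, as an added example (not the author's gist and not any Election Commission code). It assumes the Luhn check digit covers only the six-digit serial and not the three letters; the function names and the sample IDs are constructed for illustration.

```python
import re

# Layouts taken from the two format descriptions above.
OLD_FORMAT = re.compile(r"^[A-Z]{2}/\d{2}/\d{3}/\d{6}$")  # XX/00/000/000000
NEW_FORMAT = re.compile(r"^[A-Z]{3}(\d{6})(\d)$")         # XXX000000C


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit for a string of decimal digits."""
    total = 0
    # Walk right to left; the digit adjacent to the check digit is doubled.
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return (10 - total % 10) % 10


def classify(voter_id: str) -> str:
    """Label an ID as old-format, valid, bad-checksum or malformed."""
    vid = voter_id.strip().upper()
    if OLD_FORMAT.match(vid):
        return "old-format"
    m = NEW_FORMAT.match(vid)
    if not m:
        return "malformed"
    serial, check = m.groups()
    # Assumption: the checksum covers the six-digit serial only.
    return "valid" if luhn_check_digit(serial) == int(check) else "bad-checksum"


def audit(ids):
    """Count how many IDs fall into each class, e.g. to measure a failure rate."""
    counts = {}
    for v in ids:
        label = classify(v)
        counts[label] = counts.get(label, 0) + 1
    return counts


# Constructed sample IDs, not real voter records.
SAMPLE = ["ABC1234566", "ABC1234567", "DL/01/001/000123", "AB12345678"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Running the same audit at enrolment time, before an ID is issued, is what would stop non-conforming IDs from entering the rolls in the first place.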
  1. Rate limit requests to their servers — While downloading all the files, I was making several requests a second to their servers, all directly hitting PDF files. This can easily be rate limited so that I cannot download with such speed.
  2. Add a CAPTCHA to their lookup form — Even without PDFs, one can find a large amount of information by using the lookup form. As there is no CAPTCHA, anyone can make automated requests to the page and retrieve as much information as they like.
  3. Actually follow their own guidelines — The fact that nearly 25% of the new voter IDs fail their own test is a very worrisome issue. If so many invalid IDs can slip through the system unnoticed, it is entirely possible for fake IDs to be added in and never caught, or people to vote incorrectly through some other system error.

20 year old Author of Pro Android Augmented Reality, Blockchain researcher, developer.

Raghav Sood
