Routers can be hijacked to silently tamper with PDF election ballots before they are sent to vote counters, according to researchers from computer science firm Galois.
Daniel Zimmerman and Joseph Kiniry were able to modify byte sequences in the document to alter which form element had been selected, a technique that could be used to defraud the voting system.
They said: "Unencrypted PDF ballots sent via electronic mail can be altered transparently, potentially with no obvious sign of alteration, and certainly with no way to determine where on the network any alterations took place or the extent to which votes have been corrupted.
"This method of vote submission is inherently unsafe, and should not be used in any meaningful election."
The researchers tested various PDF readers to see if their changes were passed, with Adobe Acrobat and Apple Preview failing across three methods, while Google Chrome, Gmail and Mozilla Firefox failed in only the most sophisticated attack.
Attack code created by the pair, monitors connections on email submission ports replacing encoded strings when they are detected, with the hack said to be undetectable unless the connection is scrutinised at both ends.
"It is possible that we get unlucky, for a particular ballot/email client/network combination, and our target strings end up split across TCP packets: in such cases our attack cannot modify the ballot," they said.
"However, given typical TCP packet sizes and the relatively short lengths of the target strings, it is likely that our attack can successfully modify most ballots it encounters."
Internet voting trials in Norway collapsed in June amidst security fears and failure to improve voter turnout, with the country’s Office of Modernisation saying it would not spend money on further trials.
Prior to that Jenny Watson, head of the UK Electoral Commission, said her group would look at e-voting as part of plan to improve participation, particularly among young people.
