Decentralise I T

Ex-IAS Kannan Gopinathan exposes ECI's Voter Portals Vulnerabilities, Demands Urgent Fix

  • Ex-IAS Kannan Gopinathan exposes ECI's Voter Portals Vulnerabilities, Demands Urgent Fix  https://www.youtube.com/watch?v=y8NQBHvchlw   Sep 27, 2025 The ECI's voter portals failed the Mozilla Observatory score was 15/100 (F). A big whooping F. Kannan Gopinathan demands immediate attention by the ECI  
  • The tweet is https://x.com/naukarshah/status/1970670963634082192   Dear @ECISVEEP , after the Aland mass-deletion attempt came up, I ran a security review of your VHA app and voters portal at voters eci gov in. 
      The Mozilla Observatory score was 15/100 (F). A big whooping F. The Content-Security-Policy header is invalid. CSP is effectively disabled.  
      There is no HSTS. Session cookies lack SameSite.   
      Your apps render the portal inside WebViews. That amplifies every server-side flaw and makes attacks practical.  As sensitive as a service like voter enrolment and deletion, and this is how you guys half-ass it?   
      
      Using public money to make a mockery of voter services and not even doing a basic security review before going live? Fix accountability.  If it is negligence or incompetence, fire whoever is responsible immediately. They are not competent to run this.   
      
      If it is deliberate, pursue criminal investigation to the fullest extent.   
      Take the enrolment and deletion services offline until a full  independent security audit and remediation are complete.  
      
      Preserve and export all forensic artifacts now: CDN, load-balancer, DB audit and SMS gateway logs. Compute and publish SHA-256 hashes and issue a 65B certificate for the exports so CID can forensically examine them.

Last 10 articles in this website

Blogs

E-library