The UK’s conservative party has been forced to delay voting for the country’s next prime minister after the Government Communications Headquarters (GCHQ) issued a cyberattack warning, The Telegraph reported on Tuesday.
According to the outlet, postal ballots that were supposed to have been sent out to around 160,000 Tory members on Monday could now arrive as late as mid-August due to voting security updates amid hacking concerns.
While there has been no mention of any particular hostile group or state that could be behind the cyberattack, the National Cyber Security Center (NCSC) warned that the ballots, which feature a unique QR code, were vulnerable to manipulations that could change the votes of scores of party members.
The voting process for the latest UK leadership contest marks the first time Tory members can vote either by post or online. But, in addition to the ability to vote online, Conservative party members were also for the first time being allowed to change their vote at a later time during the contest.
However, as pointed out by the NCSC, this new feature could leave open the possibility that cyber hackers would be able to change a large number of the votes near the end of the contest by obtaining the unique QR codes featured on the postal ballots. Specifically, the agency suggests that someone’s code could be leaked online if they posted a picture of their ballot with the code visible in the picture.
In light of this vulnerability, the new law allowing Tories to change their internal party vote has been scrapped and the unique code featured on the ballots will now be deactivated once they cast their decision.
According to a new YouGov survey, Tory membership polls currently have Rishi Sunak trailing Foreign Secretary Liz Truss, who has an estimated 60% of the vote compared to the former chancellor’s 26%. The result of the vote is expected to be announced on September 5.