The Ministry of the Interior has called in ethical hackers. The latter, brought together by the French start-up Yogosha, tested the security of the MaProcuration.gouv.fr site, which allows you to pre-fill an application for an electoral proxy, Yogosha said on LinkedIn.
Flaws were detected but "neither numerous nor critical," said the ministry quoted by the company. Asked by AFP, the ministry was not available to comment on this information.
Access to this content has been blocked in order to respect your choice of consent
By clicking on "I ACCEPT", you accept the deposit of cookies by external services and will thus have access to the content of our partners
And to better pay 20 Minutes, do not hesitate to accept all cookies, even for one day only, via our button "I accept for today" in the banner below.
A hunt for security breaches
The Maprocuration website, created in 2021, makes it possible to take the first steps online after authentication on the FranceConnect website. You must then go to a gendarmerie, police station or consulate to prove your identity. MaProcuration.gouv.fr therefore processes personal data highly sought after by hackers, hence the ministry's decision to test its resistance to attempts to steal data.
In order to detect and eliminate vulnerabilities, the ministry organized with Yogosha for two months a "bug bounty", a hunt for security vulnerabilities. The principle is to call on selected ethical hackers to identify risks. If a hacker discovers a vulnerability, they receive a bounty. Otherwise, organizations don't have to pay anything, Yogosha explained. The platform specializing in these "bug bounty" relies on a community of independent ethical hackers.
A complementary approach
Companies and organizations are increasingly using these so-called "ethical hacking" or "redteam" services, where experts take the role of cyberattackers. "For us, the bug bounty was really complementary to other security tests and allowed us to discover several flaws, which had not been seen before in the application. That said, the flaws were neither numerous nor critical, which shows that we had worked seriously, "said an official of the ministry, quoted by Yogosha.
"The audacity shown by MaProcuration teams to trust ethical hackers marks a real paradigm shift in the approach to securing even the most sensitive information systems. The experience of this campaign allowed me to discover a new field of cyber risks related to sovereign issues," commented Mathieu Bouvet, one of Yogosha's managers. The company told AFP it regularly works with sovereign administrations.
- Ministry of the Interior