State calls on hackers to test government site and find loopholes
The Ministry of the Interior has called on ethical hackers brought together by the French start-up Yogosha to test the security of the MaProcuration.gouv.fr site, which allows users to pre-fill an electoral proxy request.
Flaws were detected, but they are “neither numerous nor critical”, said the ministry, as quoted by the company.
The MaProcuration site, created in 2021, allows first steps to be taken online after authentication on the FranceConnect site. You must then go to a gendarmerie, a police station or a consulate to prove your identity. MaProcuration.gouv.fr therefore processes personal data highly sought after by hackers, hence the ministry’s decision to test its resistance to data theft attempts.
In order to detect and eliminate vulnerabilities, the ministry organized a bug bounty with Yogosha for two months. The principle is to use selected ethical hackers to identify the risks. If a hacker discovers a vulnerability, he receives a bounty. Otherwise, the organizations have nothing to pay.
Yogosha, a platform specializing in the bug bounty concept, relies on a community of independent ethical hackers. Companies and organizations are increasingly using these so-called ethical hacking or “red team” services, where experts take on the role of cyberattackers.
“For us, the bug bounty was really complementary to the other security tests and allowed us to discover several flaws, which had not been seen before in the application. That said, the flaws were neither numerous nor critical, which demonstrates that we had worked seriously,” said David Crochemore, a ministry official, quoted by Yogosha.