Researchers at MIT say the voting app Voatz, which is being used by at least 4 states in the 2020 elections, has major security flaws that could allow an attacker to intercept and alter votes while making voters think their votes have been cast correctly, or to trick the vote server into accepting connections from an attacker.
Here’s the MIT research paper on Voatz.
Excerpt from Kim Zetter’s reporting for VICE:
An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday.
The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system.
Read the full report at VICE NEWS:
‘Sloppy’ Mobile Voting App Used in Four States Has ‘Elementary’ Security Flaws
[Kim Zetter Feb 13 2020]
Worth noting that in addition to today’s MIT research warning of significant vulns in Voatz, we also have a DHS report that found no evidence of malicious activity but plenty of recs for improved security. Voatz hadn’t previously made any reports public. https://t.co/4WEqslXXxp
— Kevin Collier (@kevincollier) February 13, 2020
Another reminder that in 2018 Voatz boasted on their website that Qualys provided a security audit. For Qualys they linked a free SSL certificate checker as proof they were secure (screenshot) which completely misunderstands third party security auditing. pic.twitter.com/zGKhAIT1gP
— Kevin Beaumont (@GossiTheDog) February 13, 2020
Election security is hard enough without snakeoil salesmen like Voatz trying to distract election officials into buying inherently defective products like Internet voting schemes.
— matt blaze (@mattblaze) February 13, 2020
You can tell more about the security of a product from the reaction by the vendor to a vulnerability than from the vulnerability itself. By this measure, Voatz has failed miserably. They have squandered any reason anyone might have had to trust them.
— matt blaze (@mattblaze) February 13, 2020
So Voatz did a press call this afternoon where they:
* Said paper was “riddled with holes”
* Didn’t offer evidence of researchers’ supposed malicious agenda
* Declined to name their outside auditors, citing terms of the NDA they wrote https://t.co/7xReuDtvFN
— Eric Geller (@ericgeller) February 13, 2020
When an MIT study showed Voatz e-voting software to be a security dumpster fire, the company apparently had the ingenious idea to attack the researchers and accuse them of being publicity hounds. https://t.co/6JtCeaKmfX
— Karl Bode (@KarlBode) February 13, 2020