new hampshire polling place

MIT Study Finds That Mobile Voting App Could Pose Cybersecurity Issues For Voters

Tech company Voatz is fighting back against research critical of its security protections, stating that researchers used an outdated version of the app and never examined Voatz servers.

As election officials increasingly consider the possibilities of online voting, particularly through smartphone apps, a new study by researchers at the Massachusetts Institute of Technology found that one app is so insecure that no state should use it in the upcoming 2020 elections.

The app, created by tech startup Voatz, is already set to be used by thousands of voters as part of a small experiment in mobile voting, according to The New York Times. But MIT researchers reverse-engineered the app to find that security flaws would allow cyber attackers to view votes being cast and potentially change ballots or block them without the user finding out.

Most concerning of all is that the hackers would be able to mess up the paper trail of how the votes were cast originally, making it difficult for elections officials to conduct a “reliable audit,” the Times wrote.

“The choice here is not about turnout but about an adversary controlling the election result and a loss of voter privacy,” the report reads, according to the Times.

Before the report was released to the media, the MIT researchers took their concerns to the Department of Homeland Security, who coordinated a series of briefings with elections officials who were planning to try out the app this year.

DHS told the Times that no one is known to have taken advantage of the flaws found by the researchers, but that the department is continuing to “work with our partners to deepen understanding of the risk.”

The debate has become especially contentious because of Voatz’s response to the claims in the MIT report. Since the report was publicized on Thursday, the company has vehemently defended its app and said that the researchers acted in “bad faith” with their research and recommendations.

“It is clear that from the theoretical nature of the researchers’ approach, the lack of practical evidence backing their claims, their deliberate attempt to remain anonymous prior to publication, and their priority being to find media attention, that the researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion,” Voatz said in a statement published on Feb. 13.

The company criticized the MIT researchers for analyzing an outdated Android version of the mobile voting app, not connecting to the Voatz servers and therefore not being subject to security protections and “fabricating an imagined version” of the servers.

“In short, to make claims about a backend server without any evidence or connection to the server negates any degree of credibility on behalf of the researchers,” the Voatz statement reads.

Elections officials are still deciding on how to move forward, caught between recommendations from cybersecurity researchers and the company pointing to previous tests that have produced no visible security issues.

The app “is not perfect — nothing is — and security is always a concern for us,” Donald Kersey, a senior election official in West Virginia, told the Times. “But this is about using new technologies that give us a way to make sure people who maybe can’t always vote have that opportunity.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

Featured Cybersecurity

Webinars

New Products

  • Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls has introduced new ‘SER” surface boxes and extension rings that provide a complete solution for new construction. In addition, they provide a simple and robust solution when replacing round wired and manual push plate switches with either Camden’s wired or wireless SureWave™ no-touch switches or Kinetic™ no-battery wireless switches. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • LiftMaster Garage Door Opener

    LiftMaster Garage Door Opener

    LiftMaster Transforms the Garage Door Opener Into a Sleek Smart Home Device That Does More Than Open and Close the Garage Door 3