new hampshire polling place

MIT Study Finds That Mobile Voting App Could Pose Cybersecurity Issues For Voters

Tech company Voatz is fighting back against research critical of its security protections, stating that researchers used an outdated version of the app and never examined Voatz servers.

As election officials increasingly consider the possibilities of online voting, particularly through smartphone apps, a new study by researchers at the Massachusetts Institute of Technology found that one app is so insecure that no state should use it in the upcoming 2020 elections.

The app, created by tech startup Voatz, is already set to be used by thousands of voters as part of a small experiment in mobile voting, according to The New York Times. But MIT researchers reverse-engineered the app to find that security flaws would allow cyber attackers to view votes being cast and potentially change ballots or block them without the user finding out.

Most concerning of all is that the hackers would be able to mess up the paper trail of how the votes were cast originally, making it difficult for elections officials to conduct a “reliable audit,” the Times wrote.

“The choice here is not about turnout but about an adversary controlling the election result and a loss of voter privacy,” the report reads, according to the Times.

Before the report was released to the media, the MIT researchers took their concerns to the Department of Homeland Security, who coordinated a series of briefings with elections officials who were planning to try out the app this year.

DHS told the Times that no one is known to have taken advantage of the flaws found by the researchers, but that the department is continuing to “work with our partners to deepen understanding of the risk.”

The debate has become especially contentious because of Voatz’s response to the claims in the MIT report. Since the report was publicized on Thursday, the company has vehemently defended its app and said that the researchers acted in “bad faith” with their research and recommendations.

“It is clear that from the theoretical nature of the researchers’ approach, the lack of practical evidence backing their claims, their deliberate attempt to remain anonymous prior to publication, and their priority being to find media attention, that the researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion,” Voatz said in a statement published on Feb. 13.

The company criticized the MIT researchers for analyzing an outdated Android version of the mobile voting app, not connecting to the Voatz servers and therefore not being subject to security protections and “fabricating an imagined version” of the servers.

“In short, to make claims about a backend server without any evidence or connection to the server negates any degree of credibility on behalf of the researchers,” the Voatz statement reads.

Elections officials are still deciding on how to move forward, caught between recommendations from cybersecurity researchers and the company pointing to previous tests that have produced no visible security issues.

The app “is not perfect — nothing is — and security is always a concern for us,” Donald Kersey, a senior election official in West Virginia, told the Times. “But this is about using new technologies that give us a way to make sure people who maybe can’t always vote have that opportunity.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Maximizing Your Security Budget This Year

    7 Ways You Can Secure a High-Traffic Commercial Security Gate  

    Your commercial security gate is one of your most powerful tools to keep thieves off your property. Without a security gate, your commercial perimeter security plan is all for nothing. Read Now

  • Survey: Only 13 Percent of Research Institutions Are Prepared for AI

    A new survey commissioned by SHI International and Dell Technologies underscores the transformative potential of artificial intelligence (AI) while exposing significant gaps in preparedness at many research institutions. Read Now

  • Survey: 70 Percent of Organizations Have Established Dedicated SaaS Security Teams

    Seventy percent of organizations have prioritized investment in SaaS security, establishing dedicated SaaS security teams, despite economic uncertainty and workforce reductions. This was a key finding in the fourth Annual SaaS Security Survey Report: 2025 CISO Plans and Priorities released today by the Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Mobile Applications Are Empowering Security Personnel

    From real-time surveillance and access control management to remote monitoring and communications, a new generation of mobile applications is empowering security personnel to protect people and places. Mobile applications for physical security systems are emerging as indispensable tools to enhance safety. They also offer many features that are reshaping how modern security professionals approach their work. Read Now

Featured Cybersecurity

Webinars

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3