new hampshire polling place

MIT Study Finds That Mobile Voting App Could Pose Cybersecurity Issues For Voters

Tech company Voatz is fighting back against research critical of its security protections, stating that researchers used an outdated version of the app and never examined Voatz servers.

As election officials increasingly consider the possibilities of online voting, particularly through smartphone apps, a new study by researchers at the Massachusetts Institute of Technology found that one app is so insecure that no state should use it in the upcoming 2020 elections.

The app, created by tech startup Voatz, is already set to be used by thousands of voters as part of a small experiment in mobile voting, according to The New York Times. But MIT researchers reverse-engineered the app to find that security flaws would allow cyber attackers to view votes being cast and potentially change ballots or block them without the user finding out.

Most concerning of all is that the hackers would be able to mess up the paper trail of how the votes were cast originally, making it difficult for elections officials to conduct a “reliable audit,” the Times wrote.

“The choice here is not about turnout but about an adversary controlling the election result and a loss of voter privacy,” the report reads, according to the Times.

Before the report was released to the media, the MIT researchers took their concerns to the Department of Homeland Security, who coordinated a series of briefings with elections officials who were planning to try out the app this year.

DHS told the Times that no one is known to have taken advantage of the flaws found by the researchers, but that the department is continuing to “work with our partners to deepen understanding of the risk.”

The debate has become especially contentious because of Voatz’s response to the claims in the MIT report. Since the report was publicized on Thursday, the company has vehemently defended its app and said that the researchers acted in “bad faith” with their research and recommendations.

“It is clear that from the theoretical nature of the researchers’ approach, the lack of practical evidence backing their claims, their deliberate attempt to remain anonymous prior to publication, and their priority being to find media attention, that the researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion,” Voatz said in a statement published on Feb. 13.

The company criticized the MIT researchers for analyzing an outdated Android version of the mobile voting app, not connecting to the Voatz servers and therefore not being subject to security protections and “fabricating an imagined version” of the servers.

“In short, to make claims about a backend server without any evidence or connection to the server negates any degree of credibility on behalf of the researchers,” the Voatz statement reads.

Elections officials are still deciding on how to move forward, caught between recommendations from cybersecurity researchers and the company pointing to previous tests that have produced no visible security issues.

The app “is not perfect — nothing is — and security is always a concern for us,” Donald Kersey, a senior election official in West Virginia, told the Times. “But this is about using new technologies that give us a way to make sure people who maybe can’t always vote have that opportunity.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Live From ISC West 2023: Day 1

    ISC West 2023 in Las Vegas, Nevada, has officially begun! Make sure to keep an eye on Security Today’s ISCW Live 2023 page, as well as our associated Twitter accounts—@SecurToday and @CampusSecur—for the latest updates from the show floor at the Venetian Expo. Read Now

    • Industry Events
    • ISC West
  • It Happened Again

    Just yesterday (as of this writing), it happened again. A 28-year-old woman shot her way into a Christian elementary school in Nashville, Tenn., on Monday and killed three children and three adults, according to national news. AP News reports that the victims were three 9-year-old children, a top school administrator, a substitute teacher, and a school custodian Read Now

  • Let's Get to Work

    You are standing at the conference center doors just waiting to get into the exhibit hall. I know you are because I’m standing next to you. This week at ISC West has been three years in the making. Last year was encouraging, and here we are waiting for the Big Show. Read Now

    • Industry Events
    • ISC West
  • Using Modern Technology

    Using Modern Technology

    Workplace violence is a serious and growing challenge for many organizations — including those in the healthcare industry. Read Now

Featured Cybersecurity

New Products

  • Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft Cloud Video Surveillance VSaaS Solution

    Videoloft focuses on transforming traditional professional surveillance systems into cloud connected solutions via the Videoloft Cloud Adapter. 3

  • Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls ‘SER” Surface Boxes and Extension Rings

    Camden Door Controls has introduced new ‘SER” surface boxes and extension rings that provide a complete solution for new construction. In addition, they provide a simple and robust solution when replacing round wired and manual push plate switches with either Camden’s wired or wireless SureWave™ no-touch switches or Kinetic™ no-battery wireless switches. 3

  • Camden Door Controls Application Spec Guide

    Camden Door Controls Application Spec Guide

    Camden Door Controls, an industry-leading provider of innovative, high quality door activation and locking products, has published a new application spec guide for specification writers designing a wireless barrier-free restroom control system. 3