Researchers say Voatz voting app has big security flaws, 4 states using it for 2020 elections anyway

Researchers at MIT say the voting app Voatz, which is being used by at least 4 states in the 2020 elections, has major security flaws that could allow an attacker to intercept and alter votes, while making voters think their votes have been cast correctly, or trick the votes server into accepting connections from an attacker.


Here's the MIT research paper on Voatz.


Excerpt from Kim Zetter's reporting for VICE:

An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday.

The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system.

Read the full report at VICE NEWS:
'Sloppy' Mobile Voting App Used in Four States Has 'Elementary' Security Flaws
[Kim Zetter Feb 13 2020]

[via techmeme.com]