‘Voatz’ e-voting app may be riddled with vulnerabilities

There has been growing interest in recent years in digitising elections using online voting, voting via email, and voting apps. E-voting is mainstream in Estonia, and used by a small number of US voters, such as military personnel deployed overseas and astronauts in orbit. Despite the appeals of electronic voting – such as greater efficiency during counting – security experts have warned that paper ballots are the only truly secure means of voting.

Earlier this month, West Virginia’s legislature agreed to expand the option of e-voting to voters with disabilities. The state is likely to make use of the blockchain-based Voatz e-voting app, which it trialled in the 2018 elections for overseas voters. The app was also used in elections in Denver, Utah and Oregon, and in the 2016 Massachusetts Democratic Convention.

However, MIT researchers have raised concerns about the security of the app, which it says is littered with security vulnerabilities. These weaknesses include the opportunity for hackers to alter, block, or expose an individual’s vote.

“We find that Voatz is vulnerable to a number of attacks that could violate election integrity,” the researchers wrote in a security analysis of the app. The analysis was conducted by MIT graduate students Michael Specter and James Koppel under Daniel Weitzner, who leads the MIT Internet Policy Research Initiative.

As Voatz has not released any source code or other documentation for how their system works, the graduate students reverse engineered the app and created a model of its server. They found that an adversary with remote access to the device would be able to view and alter an individuals’ vote. If the server was hacked, this would allow them to change votes. Specter warned that although the app claims to use blockchain for transparency, auditing and accountability, their model showed that the app does not appear to verify genuine votes with blockchain.

They also found that a passive network adversary such as an ISP could detect the way individuals voted under some circumstances, as well as potentially detecting which way they plan to vote and then break the connection on the basis of this.

Specter and Koppel also found that the app could pose privacy issues, on account of using a third party for voter verification. This could expose a user’s photo, driver’s licence data, and other forms of identification.

These vulnerabilities were disclosed to the vendor and the Department of Homeland Security’s Cybersecurity and Infrastructure Agency.

Specter and Koppel said that their findings demonstrate the need for openness in election administration in order to protect the integrity of democratic processes. They advise that developers should prove that their e-voting systems are as secure as paper ballots in order to be considered.

“We all have an interest in increasing access to the ballot, but in order to maintain trust in our elections system, we must assure that voting systems meeting the high technical and operational security standards before they are put in the field,” said Weitzner. “We cannot experiment on our democracy.”