MIT Researchers: Online Voting App Has Security FlawsVoatz Smartphone App Used in 2018 Vulnerable to Hacking, Report Alleges
Security researchers at the Massachusetts Institute of Technology have published a technical paper that describes several security flaws in Voatz, a smartphone app used for limited online voting during the 2018 U.S. midterm elections.
But the maker of the app contend the research is flawed. The company, also known as Voatz, says it cannot comment on any plans for use of the app in this year's presidential primaries, with any announcements coming from the states.
The researchers say vulnerabilities in the app could allow a hacker to "alter, stop, or expose a user's vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user's secret ballot." In addition, the company behind Voatz relies on a number of third-party services for its app, which could further expose a user's data, according to the research report released Thursday.
Today, myself and co-authors @jimmykoppel and @djweitzner released a paper discussing a slew of vulnerabilities we found in @voatz, a blockchain voting app that's been used in US federal elections. You can read about it in the @nytimes! https://t.co/WgWqi0v0Vg— Specter (@mspecter) February 13, 2020
Voatz, which is based in Boston, created its smartphone voting app for the 2018 elections, when it was deployed for limited use in West Virginia, Denver, Oregon and Utah. The app, which reportedly uses a combination of biometrics, real-time identification and blockchain technologies, also was used by overseas military personnel to record their votes during the 2018 elections, according to the New York Times.
The findings published by MIT Thursday come a few weeks after the IowaReporterApp, which was used to tally the results of the Democratic presidential caucuses in Iowa, malfunctioned and caused significant confusion for voters and candidates.
Some lawmakers are expressing concerns about the safety of using online tools for voting without a paper backup.
I raised questions about voting apps like Voatz because cybersecurity experts have said they're unsafe. A new study just found massive security vulnerabilities that could let hackers change votes. Congress needs to pass security standards to end the use of this unsafe technology. https://t.co/KS9A2FzJGU— Ron Wyden (@RonWyden) February 13, 2020
A spokesperson for Voatz could not be reached for comment. But the company refuted the researchers' claims in a blog post.
"Our review of their report found three fundamental flaws with their method of analysis, their untested claims, and their bad faith recommendations," according to Voatz.
In their paper, the MIT researchers note that they were unable to obtain complete information about how Voatz engineers developed the company's voting application, nor were they able to access the full backend of the company's infrastructure to investigate how the app checks and verifies identity. Instead, the researchers used a "black-box" approach and reversed engineered the app, which is built off of the Android operating system, according to the paper.
The Voatz app used for testing came from the Google Play store version that was available on Jan. 1, according to the report.
Because connecting to a server that contains voters' information can involve legal and ethical concerns, the researchers note that they only connected to their own server in the lab and avoided trying to connect to Voatz's infrastructure. "Special care was taken to ensure that our static and dynamic analysis techniques could never directly interfere with Voatz or any related services, and we went through great effort so that nothing was intentionally transmitted to Voatz's servers," according to the paper.
The MIT researchers say they found several vulnerabilities within the Voatz app. For instance, an attacker who can gain root access to a device running the app can "easily" evade security defenses and learn about the user's voting choice - even after the event is over - and alter that vote, the researchers say.
The paper also says that the application's network protocol can leak details of a user's vote. And even though the company says it uses blockchain technology to help protect information, the researchers say that this is unlikely to protect the user against a server-side attack, which can open the door to a larger data breach. When Capital One was breached in 2019, the alleged hacker in that case used a version of a server-side attack to bypass security controls.
Research Methods Questioed
In responding the MIT report, Voatz says that because the researchers did not have complete access to the company's backend operations and all the technical details, the research is flawed.
"In the absence of trying to access the Voatz servers, the researchers fabricated an imagined version of the Voatz servers, hypothesized how they worked, and then made assumptions about the interactions between the system components that are simply false," Voatz says in its blog.
Over the last few years, Voatz has been aggressive in pushing back against researchers who have found flaws in the company's app. Independent security researcher Kevin Beaumont noted on Twitter a similar exchange when he pointed out a flaw two years ago.
In 2018, Beaumont said he found unpatched servers and discovered several Voatz service-related credentials on Github. At the time, Voatz downplayed the incident as part of its "honeypot operation."
Not sure if anybody remembers that thread I had about blockchain election company Voatz a few years ago (they faked their list of pentesters and such), but somebody external actually looked at their security. https://t.co/rrtpyRkMO3— Kevin Beaumont (@GossiTheDog) February 13, 2020
Push for Paper Ballots
In their study, the MIT researchers contend that internet-connected voting systems remain susceptible to various online attacks and reiterate the need to rely on paper ballots to ensure transparency in the election process.
"Our findings serve as a concrete illustration of the common wisdom against Internet voting, and of the importance of transparency to the legitimacy of elections," the researchers add. "Software independent systems using voter-verified paper ballots and risk limiting audits remain the most secure option."
An earlier report by Def Con Voting Village also concluded that paper ballots are more secure from malicious hacks as well as other security vulnerabilities. In its September 2019 report, Def Con said that several voting machines in the U.S remained susceptible to tampering, hacking and other security vulnerabilities (see: Report: US Voting Machines Still Prone to Hacking)