A new study by a team of MIT engineers has found a series of shocking vulnerabilities in a blockchain voting system called Voatz. After reverse-engineering Voatz’s Android app, the researchers concluded that by hacking into voters’ phones, attackers could watch, suppress and change ballots at will. Cyberattacks could also reveal where a given user votes, and possibly suppress them in the process, the paper said.
Most disturbing, the researchers say, that attackers who compromise the servers that manage the Voatz API can even change their ballots when the vote arrives, which in theory should prevent the threat of distributed ledgers.
“Given the seriousness of the failures discussed in this paper, the lack of transparency, the risk of voter privacy, and the trivial nature of the attacks, we recommend abandoning any immediate plans to use the app for high-risk elections,” the researchers concluded. “
Security researchers are skeptical that Voatz’s blockchain-based voting project is designed to replace absentee ballots, but many in the tech community have expressed strong interest in getting more than $9 million in venture capital. Under the Voatz system, users will vote remotely through the app and verify their identity through the phone’s facial recognition system.
Voatz has been used in some minor U.S. elections, collecting more than 150 votes in the 2018 West Virginia election.
In a blog post, Voatz questioned MIT’s findings, calling the methodology “wrong.” The company’s main complaint is that researchers are testing outdated versions of Voatz client software and are not trying to connect to the Voatz server itself. “This flawed method invalidates any claim that it undermines the ability of the entire system,” the blog post read. “
Voatz executives argued in a phone call with reporters that server-side protection would prevent infected devices from being authenticated into a broader system. “All of their ideas are based on the idea that they can destroy devices and therefore servers,” said Nimit Sawhney, Voatz’s chief executive. And this assumption is completely wrong. “
Voatz also highlighted measures that would allow voters and election officials to verify ballots afterwards. Hilary Braseth, the company’s head of product, said: “Every ballot paper submitted by Voatz produces a paper ballot, and every voter who uses Voatz receives one ballot once it is submitted.” “
So far, these explanations have not impressed security experts. Matthew Green, a cryptographer at Johns Hopkins, said on Twitter: “The device simply sends tickets to the server. Servers may place them on the blockchain, but this will not help if the device or server is compromised. Voatz needs to explain how they deal with the problem. “
Voatz also pointed out its ongoing vulnerability bounty program and periodic code reviews in a blog post to prove that the application is strong lying secure – but some researchers may disagree. Last October, the company came under fire for the FBI referral, which sources told CNN originated at the University of Michigan’s election security program. Others criticized Voatz’s bounty program as onerous and hostile to researchers, which may explain why MIT researchers did not participate.
Overall, this is still not the first time a security issue has been raised about Voatz or blockchain voting. In November, Sen. Ron Wyden (D-OR) wrote to the Pentagon raising concerns about Voatz’s security and calling for a full review of the app. The request was eventually delayed. “Cybersecurity experts have made it clear that Internet voting is not secure,” Wyden said in a statement. It’s been a long time since Republicans ended the election security ban and let Congress pass mandatory security standards for the entire electoral system. “