Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security United States Politics

MIT Researchers Disclose Vulnerabilities in Voatz Mobile Voting Election App (zdnet.com) 38

Academics from MIT's computer science laboratory have published a security audit today of Voatz, a mobile app used for online voting during the 2018 US midterm elections and scheduled to be used again in the upcoming 2020 presidential election. From a report: MIT academics claim they identified bugs that could allow hackers to "alter, stop, or expose how an individual user has voted." "We additionally find that Voatz has a number of privacy issues stemming from their use of third party services for crucial app functionality," the research team said in a technical paper released today. "Our findings serve as a concrete illustration of the common wisdom against Internet voting, and of the importance of transparency to the legitimacy of elections," researchers added. MIT academics urge states to continue using paper ballots rather than mobile apps that transmit votes over the internet. They say the current paper ballot voting system is designed to be transparent, and allow citizens and political parties to observe the voting process. "Voatz's app and infrastructure were completely closed-source," said James Koppel, one of the MIT academics.
This discussion has been archived. No new comments can be posted.

MIT Researchers Disclose Vulnerabilities in Voatz Mobile Voting Election App

Comments Filter:
    • by sycodon ( 149926 )

      Yes.

      Especially when used in combination with technology.

      Mark the ballot, scan it, confirm the scan matches, slide it into the box.

      You get the instant count they are looking for but also the paper is the ultimate record. Later, after the paper ballots are scanned officially, they damned well better match the paper or you know something is up.

      That will also prevent people form showing up with boxes of marked ballots later.

      Narrowing and simplifying the methods of voting is the key to secure elections, not an,

    • I almost never agree with you. On this point, I agree with you.

  • I'm shocked, shocked I tell you!

    • Well, it you're going to entrust something as important as choosing your leaders to an app called "Voatz".... you really shouldn't be surprised if it turns out it has problems.
      • by DarkOx ( 621550 )

        You mean like every business under the sun trustes their private internal communications to a third party app called "slack".

        Lets face it people are stupid and they absolutely deserve the representation or lack their of that they get.

  • Notabug (Score:1, Interesting)

    This wasn't some kind of mistake. The design was to take the air out of the Bernie Sanders campaign by denying him an out-of-the-gate victory in Iowa, and it did just that. I saw this comment on Reddit and will quote it here as it does a great job of explaining why this is all happening:

    "The big corporations are scared to death of him. Unlike 99% of politicians, Bernie does not take money from them in the form of Super PACS, which is basically legal bribery to politicians to fund campaigns, which are insa

    • A Bernie win would be the beginning of the end of the elitist control of the Democratic Party. That's why they hate him."

      Pelosi runs the democratic party, and always will.

      Bernie will never be president. His nomination will guarantee another term for Trump.

    • The Party's financiers are simply trying to adjust the riot index [ssrn.com].

      The credibility crisis awaits the necessary false flag to pacify the savages.

    • "The big corporations are scared to death of him. Unlike 99% of politicians, Bernie does not take money from them in the form of Super PACS, which is basically legal bribery to politicians to fund campaigns, which are insanely expensive due to our lengthy electoral cycles and ad expenses.

      https://apnews.com/345bbd1af529cfb1e41305fa3ab1e604/ [apnews.com]

      WASHINGTON (AP) â" Bernie Sanders says he doesnâ(TM)t want a super PAC. Instead, he has Our Revolution, a nonprofit political organization he founded that funct

  • by mveloso ( 325617 ) on Thursday February 13, 2020 @12:34PM (#59724510)

    Really, there are only two issues that they brought up that I can see:

    1. the credentials on-device aren't really safe, and
    2. the vote payload isn't signed with the user's credentials.

    The problem with these kinds of analyses is that they're done by scaremongers. Given the context of the app and reality, how likely is it that these can actually be exploited at scale?

    And in any case, are these issues worse than paper ballots, or a compromise of the analog reporting system? In in-person elections you don't even have to show ID to vote, for the most part. How is that safe and secure?

    Most of this analysis is moot anyway. Can you submit a vote without going through the Jumio verification system? If not, the rest of this analysis is a waste of time.

    • by MightyYar ( 622222 ) on Thursday February 13, 2020 @12:44PM (#59724544)

      At the end of the day, a technical analysis does not matter. The idea of remote voting is fundamentally flawed, as it fails to guarantee an anonymous vote. It does nothing to prevent vote buying, proxy voting by an abusive relative, stealing of votes (for instance, at a retirement home), voter intimidation, etc. A secure voting location is absolutely vital to a fair election. Even absentee ballots need to be minimized - we recently had a tainted election in NC thanks to those.

      • We vote on Tuesdays because it's the hardest time of the week for working class folk to get to the polls. Many states require you to show up at a specific polling place and send faulty or not enough voting machines.

        NC's elections problems were tampering with ballots [npr.org]. That can and does happen at election sites. There's been more than one case of voting machines getting dropped off at strange locations for unknown reasons.
        • Despite the manifest inefficiency, we need paper ballot voting. If you one trusts computer systems for anything truly important, one doesn't understand computer security.

        • I'm a working class "folk".
          I've worked steady since I was 16, I"m 49 now.
          And somehow, I've always managed to vote on Tuesday, or whatever day of the week it happens to be. Even when there have been lines.
          If you can't manage that....frankly, i don't value your opinion much.

        • Extending voting past Tuesday is the solution to that problem, not remote voting.

          Despite your claim to the contrary, there is very little documented evidence that in-person voting fraud is significant. This is not an accident - this is due to years of adjustments and fine-tuning of in-person voting procedures. Look at Chicago for historical examples of how badly it used to go. Unlike in-person voting, remote voting can never guarantee the anonymous vote. Every election is inherently at risk when more than a

      • The idea of remote voting is fundamentally flawed, as it fails to guarantee an anonymous vote.
        That is wrong.

        • How is it wrong. How can you prevent me from selling my vote if I vote by mail? How can you prevent an abusive spouse or parent from stealing my vote? How can you prevent a local thug from coming around to collect my vote, making sure I voted for his preferred candidate, and then mailing the envelope himself.

          The answer is you cannot prevent any of those things. For any of that, you need a secure location.

    • Really, there are only two issues that they brought up that I can see:

      1. the credentials on-device aren't really safe, and 2. the vote payload isn't signed with the user's credentials.


      That's a pretty big fucking problem.
    • by sycodon ( 149926 )

      In in-person elections you don't even have to show ID to vote

      That is also a huge problem, but it's being addressed despite tremendous push back from Democrats.

      • got caught saying that the purpose was to suppress minority votes. They didn't think they needed to hide the racist purpose. I think if they hadn't had an 8 year break from court packing they would have been right.
        • by sycodon ( 149926 )

          So you are saying minorities are idiots that can't get an ID that they almost certainly already have.

          Give it up. Your Race Card is so worn, you can see through it.

          • by dryeo ( 100693 )

            Well what happened to my wife the other election after the right wing had taken advice from the American Republican Party on how to fix our (Canadian) ID requirements was she showed up to vote and the name she was registered to vote under had been changed to my name when all her ID was in her name. Took hours to straighten out even with all her ID, marriage certificate and various bills in her name. According to the government web site, she was registered in her name.
            As she is a minority that was heavily m

  • Given the current state of technology -- and the seeming lack of understanding of that tech by those trying to employ it for voting purposes -- there is no good solution to these mobile voting issues. It is just too easy to botch or manipulate.

  • There is no way to secure something that's so small it cannot be seen.
  • Based on that name alone, I wouldn't trust it to count my fingers.

    It reminds me of "Survey Monkey", you know if they could go back in time they'd change that one.

Genius is ten percent inspiration and fifty percent capital gains.

Working...