National: ‘Sloppy’ Mobile Voting App Used in Four States Has ‘Elementary’ Security Flaws | Kim Zetter/VICE
A mobile voting app being used in West Virginia and other states has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server, new research reveals. An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday. The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system. The research was conducted by Michael Specter and James Koppel, two graduate students in MIT’s Computer Science and Artificial Intelligence Lab, and Daniel Weitzner, principal research scientist with the lab. Election security experts praised the research and said it shows that long-held concerns about mobile voting are well-founded.Full Article: 'Sloppy' Mobile Voting App Used in Four States Has 'Elementary' Security Flaws - VICE.