A mobile voting app used by West Virginia and several local governments in the 2018 midterm elections contains vulnerabilities that could allow hackers to determine how someone voted or even change their vote, according to a report released Thursday by security researchers. Researchers from the Massachusetts Institute of Technology found the security flaws in the Voatz voting app, which was originally designed as a way for overseas service members to cast ballots. The researchers said their findings underscore prior security recommendations that the internet not be used for voting. “Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election,” said Michael Specter, a graduate student in MIT’s Department of Electrical Engineering and Computer Science. “Worse, more aggressive attackers could potentially detect which way you’re going to vote and then stop the connection based on that alone.” In addition to West Virginia, several local governments, including ones in Washington state, Colorado, Utah and Oregon, have conducted their own pilots with the Voatz system. Additional states are also considering whether to use the app to assist absentee voters in upcoming elections.
National: Everyone Counts raises funds to push internet voting into the mainstream | San Diego Union-Tribune
Election software firm Everyone Counts has raised $20 million in debt and equity financing to push its electronic voting technology into more county and state governments. The influx of capital comes as the San Diego company awaits federal certification for its secure digital voting system – expected no later than the first quarter of next year, said Chief Executive Lori Steele. Approval by the Election Assistance Commission would pave the way for county and state elections officials to offer digital voting via computers, tablets or smartphones – both in polling places and remotely. “The interesting thing is we will be the only software-based voting system that is hardware agnostic that is (EAC) certified – probably for the next two years,” said Steele on Thursday.