Researchers at MIT Claim Blockchain-based Voting App Voatz Has Security Flaws
A team of researchers at Massachusetts Institute of Technology (MIT) have revealed that Voatz, a blockchain-based voting app that was used for the 2019 federal and state elections in Utah, West Virginia, and other areas. has major security flaws. As such, the team recommends that the app should not be used in high-stakes elections in the country, according to reports on February 14, 2020.
Voatz Not so Secure
As reported by BTCManager in March 2019, Denver adopted Voatz blockchain voting solution to enable overseas voters, active-duty military, and eligible residents to cast their votes from a smartphone.
Last year, reports emerged that West Virginia intends to use Voatz in the 2020 U.S. presidential elections.
Now, a new report reveals Michael Specter and James Koppel, two graduate students from MIT, as well as, Daniel Weitzner, MIT Internet Policy Research Initiative Director have discovered major security flaws in Voatz.
According to the team in its research paper, after reverse engineering Voatz to test its security, it discovered that the Android app is susceptible to several attacks that could violate the integrity of elections.
Specifically, an attacker who gains access to the voter’s smartphone can easily hack the app, learn about the voter’s choices, and manipulate these choices.
Michael Specter also revealed that the app posed privacy issues since it relies on a third party to verify voters’ ID, and as such, if the vendor’s platform is hacked, it could grant access to people’s drivers’ license data.
“Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election,” Spectar added.
Due to these security flaws, the team has recommended that Voatz should not be used in high-stakes elections in the country.
Voatz Defends Itself
Voatz, the Boston-based company behind the app, however, made a statement on February 13, 2020.
According to the team, the researchers at MIT used an older version of the app, that was 27 versions old at the time of their disclosure, but this version was never used in the elections.
Also, the company had spent almost five years to create a resilient ballot marking system, and it adopts solutions from other industries to tackle issues pertaining to security, accessibility, identity, and auditability, Voatz said.
In line with that, there were no reported issues in all nine of the governmental pilot elections conducted using the Voatz app.
Voatz also outlined that the researchers’ approach, lack of evidence to back their claims, and attempts to remain anonymous are all a ploy to disrupt the election process and even undermine the security of the country’s election infrastructure.
On January 4, 2019, BTCManager informed that Thailand is considering the development of a blockchain-chain based system for elections.