CHARLESTON, WV (WOWK) – Researchers at MIT said they have uncovered security vulnerabilities in Voatz, the mobile voting application used during West Virginia’s 2018 midterm elections.
Their security analysis of the application pinpoints several weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted, MIT said. Researchers also found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues for users.
The research results are published in a new technical paper, written by MIT graduate students Michael Specter and James Koppel under the guidance of Daniel Weitzner, a principal research scientist at MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) and founding director of the Internet Policy Research Initiative shows. West Virginia was the first state in the U.S. to allow select voters to use Voatz to cast their ballots, according to the paper.
Researchers shared their findings with Department of Homeland Security’s Cybersecurity and Infrastructure Agency, MIT said. The researchers, along with the Boston University/MIT Technology Law Clinic, worked closely with CISA election security officials to make sure both impacted elections officials and the vendor were aware of the findings before the research was made public.
Voatz, a private Boston-based company, made history in 2018 by fielding the first internet voting app used in “high-stakes federal elections,” according to the technical paper. The paper is the first public security review of the company.
“We all have an interest in increasing access to the ballot, but in order to maintain trust in our elections system, we must assure that voting systems meet the high technical and operation security standards before they are put in the field,” says Weitzner. “We cannot experiment on our democracy.”
By reverse-engineering the application and creating a model of Voatz’s server, researchers found that someone with remote access to the device can alter or discover a user’s vote and that the server could easily change those votes if hacked, MIT said.
Specter and Koppel say that their findings show the need for openness to ensure the integrity of the election process, according to a press release from MIT. They also said paper ballot systems still used by some states is designed to be transparent, giving both citizens and political party representatives the opportunity to observe the voting process. Koppel said Voatz’s app and infrastructure, however, were “completely closed-source; we were only able to get access to the app itself.”
Voatz has also been used in elections in Denver, Oregon, and Utah, as well as both the Democratic and Republican conventions in 2016. Voatz was not used during the 2020 Iowa caucuses, researchers said.
- Couple makes mats for the homeless out of plastic bags
- Illinois police department rallies behind boy with cancer
- Bill to assist rural Kentucky hospitals clears House panel
- Handgun confiscated at Yeager Airport
- Man accused of raping, abusing infant sentenced to 4 years in prison
- Pinellas Park teacher who died of cancer leaves behind $60K for her school to build sensory playground
- North Carolina woman beat her husband to death with a metal baseball bat, police say
- Capital High School Boys Basketball Moves Forward Following Robbery
- ‘Reality Fair’ prepares high school seniors for real world
- Kentucky woman’s ex-boyfriend indicted on charges of murder, robbery