Blockchain voting app is dangerously vulnerable, researchers say
1Reported today on The Verge
For the full article visit: https://www.theverge.com/2020/2/13/21136219/voatz-blockchain-voting-app-election-software-hacking-mit-research-cybersecurity
Reported today in The Verge.
Blockchain voting app is dangerously vulnerable, researchers say
New research from a team of MIT engineers has found an alarming string of vulnerabilities in a leading blockchain voting system called Voatz. After reverse-engineering Voatz's Android app, the researchers concluded that an attacker who compromised a voter's phone would able to observe, suppress, and alter votes nearly at will. Network attacks could also reveal where a given user was voting and potentially suppress votes in the process, the paper claims.
Most troubling, researchers say that an attacker who compromised the servers that manage the Voatz API might even be able to alter ballots as they arrive, an alarming threat that distributed ledgers should theoretically protect against.
"Given the severity of failings discussed in this paper, the lack of transparency, the risks to voter privacy, and the trivial nature of the attacks, we suggest that any near-future plans to use this app for high-stakes elections be abandoned," the researchers conclude.
Designed as a replacement for absentee ballots, Voatz's blockchain-based voting project has been met with skepticism from security researchers but enthusiasm from many in the tech world, receiving more than $9 million in venture funding. Under the Voatz system, users would cast ballots remotely through an app, with identities verified through the phone's facial recognition systems.
Voatz has already been used in a number of minor elections in the US, collecting more than 150 votes in the 2018 general election in West Virginia.
Voatz disputed the MIT findings in a blog post, calling the research methods "erroneous." The company's main complaint is that the researchers were testing an outdated version of the Voatz client software a