New research from a team of MIT engineers has found an alarming series of vulnerabilities in a leading blockchain voting system called Voatz. After reverse-engineering the Voatz Android app, the researchers concluded that an attacker who compromised a voter’s phone could perceive, suppress, and change votes almost as needed. Network attacks can also reveal where a particular user was voting and potentially suppress votes in the process, the newspaper claims.
Most disturbingly, researchers say that an attacker who compromised the servers that manage the Voatz API might even be able to change ballot papers when they arrive, an alarming threat that distributed ledgers should theoretically protect against.
“Given the seriousness of the failures discussed in this article, the lack of transparency, the risks to the privacy of voters and the trivial nature of the attacks, we propose that plans to use this app for high in the near future -stakes elections are being abandoned, ‘the researchers conclude.
Designed to replace absentee ballots, the blockchain-based voting project from Voatz has been skeptically received by security researchers, but has received enthusiasm from many in the tech world and received more than $ 9 million in venture funding. Under the Voatz system, remote users would cast ballots via an app, whereby identities are verified through the phone’s face recognition systems.
Voatz has been used in a number of small elections in the US and collected more than 150 votes during the 2018 general election in West Virginia.
Voatz disputed the MIT findings in a blog post, which calls the research methods ‘wrong’. The company’s main complaint is that the researchers were testing an outdated version of the Voatz client software and were not trying to connect to the Voatz server itself.
“This defective approach invalidates all claims about their ability to compromise the overall system,” the blog post reads.
In a telephone conversation, Voatz executives argued that server-side protections prevented compromised devices from authenticating to the wider system. “All of their claims are based on the idea that because they could compromise the device, they could compromise the server,” said Nimit Sawhney, CEO of Voatz. “And that assumption is completely incorrect.”
The edge shared this criticism with the MIT researchers who did not respond immediately.
Voatz also emphasized measures that allowed voters and election officials to verify their vote afterwards. “Every vote submitted using Voatz results in a paper vote,” said Hilary Braseth, “and every voter who uses Voatz receives a ballot as soon as he submits it.”
So far, security experts have not been impressed by those statements. “The device simply sends votes to a server,” noted Johns Hopkins cryptographer Matthew Green on Twitter. “The server can place them on a blockchain, but this does not help if either device or a server is compromised. Voatz must explain how they handle this.”
Voatz also refers to in the post the current bug bounty program and regular code reviews as proof of the app’s robust security, but some researchers may disagree. In October, the company came under fire for an FBI referral to an incident that, according to sources, was CNN originated in an election course for the University of Michigan. Others have criticized the Voatz premium program as expensive and hostile to researchers, which perhaps explains why the MIT researchers did not participate.
Yet these are not the first time that there have been security issues regarding Voatz or blockchain voices in general. In November, Senator Ron Wyden (D-OR) wrote to the Pentagon to raise concerns about Voatz security and to request a full audit of the app. The request was finally postponed to the Department of Homeland Security.
In response to the MIT report, Wyden offered harsh criticism. “Cyber security experts have made it clear that voting over the internet is not safe,” he said in a statement. “It is a long time since Republicans ended their election security embargo and allowed Congress to pass mandatory security standards for the entire election system.”