A VULNERABLE VOTING APP

Voatz, a voting app used in multiple states during the 2018 midterms elections to allow for more accessible voting, has cyber vulnerabilities that could allow for votes to be changed or exposed, researchers at the Massachusetts Institute of Technology (MIT) found.

In a paper published Thursday, three MIT researchers found that Voatz had vulnerabilities that “allow different kinds of adversaries to alter, stop, or expose a user’s vote” and that the app also had several privacy issues due to the use of third-party services to ensure the app functioned.

The researchers found that if an individual were able to gain remote access to the device used to vote on the Voatz app, vulnerabilities could have allowed that person to discover and change the votes cast.

The researchers described their findings as being part of the first “public security analysis of Voatz” and noted that they used reverse engineering of the Android Voatz app to come to their conclusions.

The Voatz app was used during the 2018 midterms in some municipal, state or federal elections in West Virginia, Colorado, Oregon and Utah. The company allows voters to cast their votes via an app and was rolled out in West Virginia as a way for overseas military personnel and other voters unable to physically go to the polls to cast their votes.

It was also used during the 2016 Massachusetts Democratic Convention and the 2016 Utah Republican Convention. The Voatz app was not used during the recent Iowa caucuses, which were thrown into chaos when a separate app used by the Iowa Democratic Party for vote tabulation suffered a “coding issue” that slowed down the count.

Before going public with their findings, the MIT researchers contacted the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in order to work with election officials impacted by the findings to address the vulnerabilities.

Voatz pushed back strongly against the findings, describing the research as “untested claims” and “bad faith recommendations.”

Read more here.

 

MEANWHILE IN NEVADA…: The Nevada State Democratic Party plans to use a Google calculator uploaded to iPads to help tally voting results in the upcoming Nevada caucuses, a top party official announced Thursday.

Party Executive Director Alana Mounce pushed out a memo explaining that the calculator will be loaded onto 2,000 iPads purchased by the Nevada State Democratic Party, with the iPads then distributed to precinct chairs.

Mounce wrote that the party “consulted with a team of independent security and technical experts to create a simple, user-friendly calculator,” and that the calculator will only be used by “trained precinct chairs and accessed through a secure Google web form.”

Each precinct will also separately record voters and award delegates on paper backup sheets to ensure the results of the caucus are accurate in case something goes wrong with the calculator.

Mounce emphasized that the party had invited testing from security experts, volunteers, and community leaders to ensure the process was user-friendly.

“We understand just how important it is that we get this right and protect the integrity of Nevadans’ votes,” Mounce wrote. “We are confident in our backup plans and redundancies.”

The announcement comes after the party made the decision to not use a vote tabulator app built by Shadow, Inc. that malfunctioned due to a “coding issue” during the Iowa caucuses and caused a backup in tallying results.