Date: 2020-02-13

Photo credit: Massachusetts Institute of Technology

In recent years, interest in using the Internet and mobile technology to improve access to the voting process has increased. At the same time, computer security experts warn that paper ballots are the only secure means of voting.

MIT researchers are now raising another concern: they say they have identified security vulnerabilities in a mobile voting application that was used during the 2018 West Virginia midterm election. Their security analysis of the application, called Voatz, shows a number of vulnerabilities, including the ability for hackers to alter, stop, or expose an individual user's vote. The researchers also found that Voatz's use of a third party to identify and verify voters raises potential privacy concerns for users.

The results are described in a new technical article by Michael Specter, a doctoral student at the MIT Institute for Electrical Engineering and Computer Science (EECS) and member of the Internet Policy Research Initiative of MIT, and James Koppel, also a doctoral student at the EECS. The research was conducted under the direction of Daniel Weitzner, a senior scientist at the MIT Laboratory for Computer Science and Artificial Intelligence (CSAIL) and founding director of the Internet Policy Research Initiative.

After uncovering these vulnerabilities, the researchers shared their findings with the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). The researchers worked with the Boston University / MIT Technology Law Clinic, in close consultation with election security officials within CISA, to ensure that the affected election officials and the vendor were aware of the findings before the research was released. This included preparing written summaries of the findings with proof-of-concept code and holding direct discussions with affected election officials at CISA's request.

In addition to its use in the 2018 West Virginia election, the app has been used in elections in Denver, Oregon and Utah, as well as at the 2016 Massachusetts Democratic Convention and the 2016 Utah Republican Convention. Voatz was not used during the 2020 Iowa caucuses.

The results underline the need for transparency in the design of voting systems, the researchers said.

“We are all interested in improving access to the ballot, but in order to maintain confidence in our voting system, we need to ensure that the voting systems meet the high technical and operational security standards before they are used on site,” says Weitzner. “We cannot experiment with our democracy.”

“Security experts agree that a secure choice over the Internet is not possible today,” added Koppel. “The reason is that weaknesses anywhere in a large chain can have an undue impact on a choice, and today’s software is so shaky that the existence of unknown exploitable bugs is too much of a risk.”

Breakdown of results

The researchers were initially inspired to conduct a security analysis of Voatz by Specter’s research with Ronald Rivest, a professor at MIT; Neha Narula, director of the MIT Digital Currency Initiative; and Sunoo Park SM ’15, PhD ’18, examining the feasibility of using blockchain systems in elections. According to the researchers, Voatz claims to use a permissioned blockchain to ensure security, but has not released any source code or public documentation describing how its system works.

Specter, who co-teaches an MIT Independent Activities Period course founded by Koppel that focuses on reverse engineering software, came up with the idea of reverse engineering Voatz's application to better understand how the system works. To ensure that they did not interfere with any ongoing elections or expose user records, Specter and Koppel reverse-engineered the application and then created a model of the Voatz server.

They found that an adversary with remote access to the device could alter or discover a user’s vote, and that the server, if hacked, could easily change those votes. “It doesn’t seem that the app’s protocol is trying to check (real voices) with the back-end blockchain,” Specter explains.

“Perhaps most alarmingly, if you use unencrypted WiFi, a passive network adversary, such as your ISP or someone near you, can see how you have voted in some configurations. Worse, aggressive attackers could possibly detect which way you will vote, and then end the connection on that basis alone.”

Specter and Koppel not only identified weaknesses in the Voatz voting process, but also found that the app poses privacy problems for users. Because the app uses an external provider to verify voter ID, a third party may be able to access a voter’s photo, driver’s license details, or other forms of identification if that provider's platform is not secure either.

“Although Voatz’s privacy policy speaks of sending some information to third parties, the fact that third parties receive the voter’s license and selfie is not specifically mentioned,” Specter notes.

Need for more openness

Specter and Koppel say their results point to the need for openness in election administration to ensure the integrity of the electoral process. At present, the electoral process is transparent in countries where paper ballots are used, and citizens and representatives of political parties are given the opportunity to observe the voting process.

In contrast, Koppel states: “Voatz’s app and infrastructure were completely closed source; we could only access the app itself.”

“I think this type of analysis is extremely important. There is currently an effort to make voting more accessible through internet and mobile voting systems. The problem with this is that sometimes these systems are not created by professionals to ensure the security of voting systems. They are deployed before they can be properly verified,” said Matthew Green, an associate professor at the Johns Hopkins Information Security Institute. In the case of Voatz, he adds: “It looks like there were many good intentions here, but the result lacks important features that would protect a voter and the integrity of the election.”

Going forward, the researchers caution that software developers should prove that their systems are as secure as paper ballots.

“The biggest problem is transparency,” says Specter. “If you have a part of the choice that is opaque, that is invisible, that is not public, that has a proprietary component, that part of the system is inherently suspicious and needs to be carefully examined.”

