Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

MIT Finds Hackers Can Change Votes in Voting App Used in U.S. Federal Elections
scitech daily ^ | FEBRUARY 19, 2020 | ABBY ABAZORIUS

Posted on 02/22/2020 1:34:23 PM PST by Mount Athos

Mobile voting application could allow hackers to alter individual votes and may pose privacy issues for users.

In recent years, there has been a growing interest in using internet and mobile technology to increase access to the voting process. At the same time, computer security experts caution that paper ballots are the only secure means of voting.

Now, MIT researchers are raising another concern: They say they have uncovered security vulnerabilities in a mobile voting application that was used during the 2018 midterm elections in West Virginia. Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted. Additionally, the researchers found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues for users.

The findings are described in a new technical paper (PDF) by Michael Specter, a graduate student in MIT’s Department of Electrical Engineering and Computer Science (EECS) and a member of MIT’s Internet Policy Research Initiative, and James Koppel, also a graduate student in EECS. The research was conducted under the guidance of Daniel Weitzner, a principal research scientist at MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) and founding director of the Internet Policy Research Initiative.

After uncovering these security vulnerabilities, the researchers disclosed their findings to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). The researchers, along with the Boston University/MIT Technology Law Clinic, worked in close coordination with election security officials within CISA to ensure that impacted elections officials and the vendor were aware of the findings before the research was made public. This included preparing written summaries of the findings with proof-of-concept code, and direct discussions with affected elections officials on calls arranged by CISA.

In addition to its use in the 2018 West Virginia elections, the app was deployed in elections in Denver, Oregon, and Utah, as well as at the 2016 Massachusetts Democratic Convention and the 2016 Utah Republican Convention. Voatz was not used during the 2020 Iowa caucuses.

The findings underscore the need for transparency in the design of voting systems, according to the researchers.

“We all have an interest in increasing access to the ballot, but in order to maintain trust in our elections system, we must assure that voting systems meet the high technical and operation security standards before they are put in the field,” says Weitzner. “We cannot experiment on our democracy.”

“The consensus of security experts is that running a secure election over the internet is not possible today,” adds Koppel. “The reasoning is that weaknesses anywhere in a large chain can give an adversary undue influence over an election, and today’s software is shaky enough that the existence of unknown exploitable flaws is too great a risk to take.”

Breaking down the results The researchers were initially inspired to perform a security analysis of Voatz based on Specter’s research with Ronald Rivest, Institute Professor at MIT; Neha Narula, director of the MIT Digital Currency Initiative; and Sunoo Park SM ’15, PhD ’18 , exploring the feasibility of using blockchain systems in elections. According to the researchers, Voatz claims to use a permissioned blockchain to ensure security, but has not released any source code or public documentation for how their system operates.

Specter, who co-teaches an MIT Independent Activities Period course founded by Koppel that is focused on reverse engineering software, broached the idea of reverse engineering Voatz’s application, in an effort to better understand how its system worked. To ensure that they did not interfere with any ongoing elections or expose user records, Specter and Koppel reverse-engineered the application and then created a model of Voatz’s server.

They found that an adversary with remote access to the device can alter or discover a user’s vote, and that the server, if hacked, could easily change those votes. “It does not appear that the app’s protocol attempts to verify [genuine votes] with the back-end blockchain,” Specter explains.

“Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election. Worse, more aggressive attackers could potentially detect which way you’re going to vote and then stop the connection based on that alone.”

In addition to detecting vulnerabilities with Voatz’s voting process, Specter and Koppel found that the app poses privacy issues for users. As the app uses an external vendor for voter ID verification, a third party could potentially access a voter’s photo, driver’s license data, or other forms of identification, if that vendor’s platform isn’t also secure.

“Though Voatz’s privacy policy does talk about sending some information to third parties, as far as we can tell the fact that any third party is getting the voter’s driver’s license and selfie isn’t explicitly mentioned,” Specter notes.

Calls for increased openness Specter and Koppel say that their findings point to the need for openness when it comes to election administration, in order to ensure the integrity of the election process. Currently, they note, the election process in states that use paper ballots is designed to be transparent, and citizens and political party representatives are given opportunities to observe the voting process.

In contrast, Koppel notes, “Voatz’s app and infrastructure were completely closed-source; we were only able to get access to the app itself.

“I think this type of analysis is extremely important. Right now, there’s a drive to make voting more accessible, by using internet and mobile-based voting systems. The problem here is that sometimes those systems aren’t made by people who have expertise in keeping voting systems secure, and they’re deployed before they can get proper review,” says Matthew Green, an associate professor at the Johns Hopkins Information Security Institute. In the case of Voatz, he adds, “It looks like there were many good intentions here, but the result lacks key features that would protect a voter and protect the integrity of elections.”

Going forward, the researchers caution that software developers should prove their systems are as secure as paper ballots.

“The biggest issue is transparency,” says Specter. “When you have part of the election that is opaque, that is not viewable, that is not public, that has some sort of proprietary component, that part of the system is inherently suspect and needs to be put under a lot of scrutiny.”


TOPICS: News/Current Events; Politics/Elections
KEYWORDS: mit; votingapp; votingfraud
Navigation: use the links below to view more comments.
first 1-2021-4041-44 next last

1 posted on 02/22/2020 1:34:23 PM PST by Mount Athos
[ Post Reply | Private Reply | View Replies]

To: Mount Athos

Well duh ?!


2 posted on 02/22/2020 1:35:52 PM PST by Bikkuri
[ Post Reply | Private Reply | To 1 | View Replies]

To: Bikkuri

3 posted on 02/22/2020 1:36:50 PM PST by DoodleBob (Gravity's waiting period is about 9.8 m/s^2)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Mount Athos

Any voting using any electronic device from cell phones to voting machines is hackable. WiFi or any device using non wired transmission or that connects to the internet is extremely hackable.


4 posted on 02/22/2020 1:37:56 PM PST by arthurus (o)
[ Post Reply | Private Reply | To 1 | View Replies]

To: DoodleBob

Soros owned companies manufacture the machines and most likely the software too.


5 posted on 02/22/2020 1:40:53 PM PST by Don Corleone (The truth the whole truth and nothing but the truth)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Don Corleone

Heard the software was assembled in china!


6 posted on 02/22/2020 1:42:33 PM PST by RoseofTexas
[ Post Reply | Private Reply | To 5 | View Replies]

To: Mount Athos

MIT sadly cannot get at the criminality that went on in Leftafornia in 2018. It would be interesting to see where the extra reps were voted in for the demon rats in 2018, state by state.


7 posted on 02/22/2020 1:44:13 PM PST by MHGinTN (A dispensation perspective is a powerful tool for discernment)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mount Athos

Changing votes without a paper trail is exactly why voting machines have been made. They were first used to get Chavez elected in Venezuela after his coup failed.


8 posted on 02/22/2020 1:49:46 PM PST by fella ("As it was before Noah so shall it be again,")
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mount Athos

That would be it’s purpose.


9 posted on 02/22/2020 1:49:58 PM PST by E. Pluribus Unum (If you don't recognize that as sarcasm you are dumber than a bag of hammers.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: MHGinTN

MIT sadly cannot get at the criminality that went on in Leftafornia in 2018. It would be interesting to see where the extra reps were voted in for the demon rats in 2018, state by state.

xxxxxxxxxxxxxxxxxxxxxxxxxx

it sure would.

here’s hoping our hackers are better than theirs


10 posted on 02/22/2020 1:50:45 PM PST by thinden (How many Barr haters across America are being paid by Soros to attack Barr.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: Bikkuri

NS Sherlock.Paper or Digi.?

Paper all the way


11 posted on 02/22/2020 2:00:54 PM PST by Bell Bouy II
[ Post Reply | Private Reply | To 2 | View Replies]

To: Mount Athos

Use paper ballots you TARDS!


12 posted on 02/22/2020 2:03:08 PM PST by mylife (The Roar Of The Masses Could Be Farts)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mount Athos

How about if we vote the way the Brits do: Paper ballots, one day for voting, tallying, and reporting official results?

ML/NJ


13 posted on 02/22/2020 2:05:29 PM PST by ml/nj
[ Post Reply | Private Reply | To 1 | View Replies]

To: ml/nj
How about if we vote the way the Brits do: Paper ballots, one day for voting, tallying, and reporting official results?

And I would add, anybody who votes has to dip their finger in purple ink that doesn't wash off for a week. If someone shows up at the polls with a purple finger then they can't vote again.

14 posted on 02/22/2020 2:13:59 PM PST by Sirius Lee (They are openly stating that they intend to murder us. Prep if you want to live.)
[ Post Reply | Private Reply | To 13 | View Replies]

To: E. Pluribus Unum
SOME OF THE DEMOCRAP VOTER FRAUD PRACTICED TODAY:

Soros OWNS electronic voting machines he leases to over 25 states.

People wandering the Malls are ‘registering’ voters; getting paid for each one. NO ID is asked for & people can register more than once.

There is NO system in place for death certificates to be forwarded to the Registrar of Voters to REMOVE a dead person from the voting rolls.

Voter fraud and election experts detailed findings from a cyber/forensic investigation reveal
compromised voting machines in 2018 (and quite probably, in the recent KY and LA governors' races).
(1) security protections in voting machines were disabled,
(2) penetration and manipulation of actual vote tabulations was and is possible, and
(3) evidence already exists that votes were surreptitiously, electronically manipulated to change election results.

Broward Fla 2018 was a dress rehearsal for massive 2020 voter fraud:
<><> Expect voter fraud in every single district with a Dem supervisor of elections.
<><> Dems will find sympathetic ballot printers, they’ll shred ones from the military.
<><> put people on notice NOW so more people are watching for it.

ELSEWHERE:
<><> buying homes in needed voting districts then busing in illegals as tenant/voters;
<><> illegal aliens added from voter registration DMV database -
<><> 175,000 purged voters put back on registration by Bevin opponent, now democrat governor Andy Beshear when he was KY AG.
<><> Repub Woman married to an Immigrant (not eligible to vote) moved out of Kentucky and unregistered as a precaution.
<><> yet she and her Immigrant husband both ”voted“ Democrat in Kentucky, though they lived elsewhere.
<><> dems have absentee ballots sent to PO Boxes, are discarded, then retrieved by vote fraudsters.
<><> modern-day slavery--herding native African into rubber dinghys--- to be sold in America as Democrat voters

======================================

Electronic fraud is rampant:
Dems calculate how many votes they are behind, how many votes still to be counted,
<><> they then trigger fraudulent software to fractionalize at random the votes being counted…... in just the right proportion to steal the election.
<><> One method of triggering is uploading a ballot that is marked completely illogically to the election management system to start the random shading routine.
<><>crooked software also survives check-sums and other elementary security checks.

15 posted on 02/22/2020 2:14:30 PM PST by Liz (Our side has 8 trillion bullets; the other side doesn't know which bathroom to use.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Mount Athos
No "early voting"...no "same day registration"...no "motor voter"...no driver's licenses to wetbacks.All attempts to register to vote and to vote require picture ID and proof of citizenship.Any attempted fraud connected in any way to federal elections (November of even years and special Congressional elections) carry a 10 year Federal prison term.

In future you register to vote at City Hall,Town Hall or a County Administration Office.ID,and proof of citizenship required to register.Applications for an "absentee ballot" require the same.Positive ID required at polling places.Elderly and disabled persons can be registered by government officials.Special IDs can be issued to elderly or disabled persons.

Papua New Guinea,Mexico and Burkina Faso have these requirements.There's no reason why we shouldn't have them as well.

16 posted on 02/22/2020 2:16:41 PM PST by Gay State Conservative (The Rats Can't Get Over The Fact That They Lost A Rigged Election)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mount Athos
Ooops...forgot:

PAPER BALLOTS ONLY!


17 posted on 02/22/2020 2:18:02 PM PST by Gay State Conservative (The Rats Can't Get Over The Fact That They Lost A Rigged Election)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sirius Lee

Amen! this aint rocket science


18 posted on 02/22/2020 2:25:43 PM PST by mylife (The Roar Of The Masses Could Be Farts)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Gay State Conservative

Meanwhile in America... the socialist bastards slash the tires of van that the conservatives use to get old folks to the polls and hand out ciggies and burgers to illegal aliens to get them to vote Bahhh!


19 posted on 02/22/2020 2:30:49 PM PST by mylife (The Roar Of The Masses Could Be Farts)
[ Post Reply | Private Reply | To 16 | View Replies]

To: fella
Paper. ID's. In Person. Thumbs dipped in indelible ink.

25 years in prison for voter fraud.

Why would any honest person be against this.

20 posted on 02/22/2020 2:40:38 PM PST by fhayek
[ Post Reply | Private Reply | To 8 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-44 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson