Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

MIT Finds Hackers Can Change Votes in Voting App Used in U.S. Federal Elections
scitech daily ^ | FEBRUARY 19, 2020 | ABBY ABAZORIUS

Posted on 02/22/2020 1:34:23 PM PST by Mount Athos

Mobile voting application could allow hackers to alter individual votes and may pose privacy issues for users.

In recent years, there has been a growing interest in using internet and mobile technology to increase access to the voting process. At the same time, computer security experts caution that paper ballots are the only secure means of voting.

Now, MIT researchers are raising another concern: They say they have uncovered security vulnerabilities in a mobile voting application that was used during the 2018 midterm elections in West Virginia. Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted. Additionally, the researchers found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues for users.

The findings are described in a new technical paper (PDF) by Michael Specter, a graduate student in MIT’s Department of Electrical Engineering and Computer Science (EECS) and a member of MIT’s Internet Policy Research Initiative, and James Koppel, also a graduate student in EECS. The research was conducted under the guidance of Daniel Weitzner, a principal research scientist at MIT’s Computer Science and Artificial Intelligence Lab (CSAIL) and founding director of the Internet Policy Research Initiative.

After uncovering these security vulnerabilities, the researchers disclosed their findings to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). The researchers, along with the Boston University/MIT Technology Law Clinic, worked in close coordination with election security officials within CISA to ensure that impacted elections officials and the vendor were aware of the findings before the research was made public. This included preparing written summaries of the findings with proof-of-concept code, and direct discussions with affected elections officials on calls arranged by CISA.

In addition to its use in the 2018 West Virginia elections, the app was deployed in elections in Denver, Oregon, and Utah, as well as at the 2016 Massachusetts Democratic Convention and the 2016 Utah Republican Convention. Voatz was not used during the 2020 Iowa caucuses.

The findings underscore the need for transparency in the design of voting systems, according to the researchers.

“We all have an interest in increasing access to the ballot, but in order to maintain trust in our elections system, we must assure that voting systems meet the high technical and operation security standards before they are put in the field,” says Weitzner. “We cannot experiment on our democracy.”

“The consensus of security experts is that running a secure election over the internet is not possible today,” adds Koppel. “The reasoning is that weaknesses anywhere in a large chain can give an adversary undue influence over an election, and today’s software is shaky enough that the existence of unknown exploitable flaws is too great a risk to take.”

Breaking down the results The researchers were initially inspired to perform a security analysis of Voatz based on Specter’s research with Ronald Rivest, Institute Professor at MIT; Neha Narula, director of the MIT Digital Currency Initiative; and Sunoo Park SM ’15, PhD ’18 , exploring the feasibility of using blockchain systems in elections. According to the researchers, Voatz claims to use a permissioned blockchain to ensure security, but has not released any source code or public documentation for how their system operates.

Specter, who co-teaches an MIT Independent Activities Period course founded by Koppel that is focused on reverse engineering software, broached the idea of reverse engineering Voatz’s application, in an effort to better understand how its system worked. To ensure that they did not interfere with any ongoing elections or expose user records, Specter and Koppel reverse-engineered the application and then created a model of Voatz’s server.

They found that an adversary with remote access to the device can alter or discover a user’s vote, and that the server, if hacked, could easily change those votes. “It does not appear that the app’s protocol attempts to verify [genuine votes] with the back-end blockchain,” Specter explains.

“Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election. Worse, more aggressive attackers could potentially detect which way you’re going to vote and then stop the connection based on that alone.”

In addition to detecting vulnerabilities with Voatz’s voting process, Specter and Koppel found that the app poses privacy issues for users. As the app uses an external vendor for voter ID verification, a third party could potentially access a voter’s photo, driver’s license data, or other forms of identification, if that vendor’s platform isn’t also secure.

“Though Voatz’s privacy policy does talk about sending some information to third parties, as far as we can tell the fact that any third party is getting the voter’s driver’s license and selfie isn’t explicitly mentioned,” Specter notes.

Calls for increased openness Specter and Koppel say that their findings point to the need for openness when it comes to election administration, in order to ensure the integrity of the election process. Currently, they note, the election process in states that use paper ballots is designed to be transparent, and citizens and political party representatives are given opportunities to observe the voting process.

In contrast, Koppel notes, “Voatz’s app and infrastructure were completely closed-source; we were only able to get access to the app itself.

“I think this type of analysis is extremely important. Right now, there’s a drive to make voting more accessible, by using internet and mobile-based voting systems. The problem here is that sometimes those systems aren’t made by people who have expertise in keeping voting systems secure, and they’re deployed before they can get proper review,” says Matthew Green, an associate professor at the Johns Hopkins Information Security Institute. In the case of Voatz, he adds, “It looks like there were many good intentions here, but the result lacks key features that would protect a voter and protect the integrity of elections.”

Going forward, the researchers caution that software developers should prove their systems are as secure as paper ballots.

“The biggest issue is transparency,” says Specter. “When you have part of the election that is opaque, that is not viewable, that is not public, that has some sort of proprietary component, that part of the system is inherently suspect and needs to be put under a lot of scrutiny.”


TOPICS: News/Current Events; Politics/Elections
KEYWORDS: mit; votingapp; votingfraud
Navigation: use the links below to view more comments.
first previous 1-2021-4041-44 next last
To: Mount Athos

Remember, Kalifornia has been using ‘Ballot Harvesting’ for many years. If one only votes for 1 or 2 things on the ballot and leaves the rest blank, Kalifornia government staff will ‘complete’ the rest of the ballot, filling in all the other votes. In 2018 in Orange County Kalifornia 6 to 8 Republican congressmen won on election day. A few days and weeks later, the democRAT was declared the winner. Just like AL Franken in Minnesota, the democRATS will lie and cheat to gain and maintain power.

The California DMV Motor Voter fraud goes event beyond the Driver License, to the California I.D. In my work all of my clients are developmentally disabled; some have 2 or 3 challenges. Recently a client who has a lower than not IQ was at the DMV, with her mother’s assistance, to renew her I. D. They INSISTED that she register to vote. The parents that were right beside her could not stop the DMV clerk from registering my client to vote. As to which ‘party’, well, one can easily guess. So... just how many times have my clients, and hundreds of thousands of other clients, ‘voted’ in California?


21 posted on 02/22/2020 2:48:25 PM PST by Ronaldus Magnus III (Do, or do not, there is no try.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gay State Conservative
FRONT-MEX-ID1111111111

REAR-MEX-ID2222222222222
22 posted on 02/22/2020 2:56:49 PM PST by justme4now (Falsehood flies, and the Truth comes limping after it)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Sirius Lee
"And I would add, anybody who votes has to dip their finger in purple ink that doesn't wash off for a week. If someone shows up at the polls with a purple finger then they can't vote again. "

Absolutely!
With one minor change: The voter has to dip their nose in the purple ink... Far more secure...

Of course that is just one part of the problem... Probably, IMHO, 25-to-30 million of the 45-to-55 million illegal migrant invaders are getting ready to vote in the 2020 elections... After all, the trial run of 3 million in the 2016 elections in CA were an astounding success...

23 posted on 02/22/2020 2:57:30 PM PST by SuperLuminal (Where is Sam Adams now that we desperately need him)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Mount Athos

Maybe paper ballots might be the smart thing to do but what the hell do I know.


24 posted on 02/22/2020 2:57:59 PM PST by hawkaw
[ Post Reply | Private Reply | To 1 | View Replies]

To: Mount Athos

‘MIT Finds Hackers Can Change Votes in Voting App Used in U.S. Federal Elections’

And who’s gonna do anything about it...not news to know it can be done! New to know it’s going to be stopped in all fifty states and not allowed in Nov! Who’s on top of that? Who’s got that handled after the cheating in 2016? NO ONE...NOW that’s some GD news! WHY the f*ck NOT?


25 posted on 02/22/2020 3:01:03 PM PST by ldish (Have had enough...you??????)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gay State Conservative

F*CKING UNACCEPTABLE for the Trump Admin to let this happen...duh! Too late now to let us know this 3 1/2 years...what the hell????????

OH, now nothing can be done - right!


26 posted on 02/22/2020 3:03:29 PM PST by ldish (Have had enough...you??????)
[ Post Reply | Private Reply | To 16 | View Replies]

To: fhayek

‘Paper. ID’s. In Person. Thumbs dipped in indelible ink.

25 years in prison for voter fraud.

Why would any honest person be against this.’

Why not since we are such a stupid f’ing nation and govt....yesssssssssssssssssssssssssssssssssss get your finger dirty morons!


27 posted on 02/22/2020 3:05:53 PM PST by ldish (Have had enough...you??????)
[ Post Reply | Private Reply | To 20 | View Replies]

To: thinden

Yje vote cheating is run from ‘someone’ / folks higher up the food chain than both parties.


28 posted on 02/22/2020 3:20:34 PM PST by MHGinTN (A dispensation perspective is a powerful tool for discernment)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Ronaldus Magnus III
They INSISTED that she register to vote. The parents that were right beside her could not stop the DMV clerk from registering my client to vote.

I went to the DMV here in Calif to apply for real ID last week and was forced by the computer to re-register to vote even though I have been registered to vote for almost 50 years.

29 posted on 02/22/2020 3:28:18 PM PST by Inyo-Mono
[ Post Reply | Private Reply | To 21 | View Replies]

To: All

I’m much less worried about Hackers than I am about the people who write the original code and the ones that have the keys to the machines.


30 posted on 02/22/2020 3:35:45 PM PST by LegendHasIt
[ Post Reply | Private Reply | To 1 | View Replies]

To: Gay State Conservative

The only people who should have a right to absentee ballots are military and diplomatic persons. There should be no early balloting in absentee. And we need to have paper ballots even if it takes a month to tally the votes.


31 posted on 02/22/2020 3:50:55 PM PST by MHGinTN (A dispensation perspective is a powerful tool for discernment)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Mount Athos

Who votes doesn’t matter, it’s who counts the votes that matter.


32 posted on 02/22/2020 3:56:09 PM PST by dfwgator (Endut! Hoch Hech!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Sirius Lee

Because they’d be in jail

To paraphrase one of my DJT rejoinders to HilLIARy


33 posted on 02/22/2020 5:23:45 PM PST by Oscar in Batangas (January 20, 2017, High Noon. The end of an error.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Mount Athos
Mobile voting application could allow hackers Russians and Democrats to alter individual votes
34 posted on 02/22/2020 7:50:48 PM PST by libertylover (Democrats hated Lincoln too.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: arthurus

Especially since so many use their cellphones to connect to wide-open WiFi spots...


35 posted on 02/23/2020 3:18:36 AM PST by trebb (Don't howl about illegal leeches, or Trump in general, while not donating to FR - it's hypocritical.)
[ Post Reply | Private Reply | To 4 | View Replies]

Except for written, mail-in ballots, all forms of remote voting should be suspended.


36 posted on 02/23/2020 3:24:27 AM PST by Gene Eric (Don't be a statist!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: arthurus

And paper ballots can be destroyed, hidden, not counted, etc. New ones can be created. All it takes is dishonest lefties working together at any precinct. Close the poll at 7pm. Count the ballots. Create more ballots for your leftie candidate. Find out how many you need. Check the list of voters, every precinct has this list. vote for however many didn’t sign in to vote. This is how Gray Davis won in Ca. Will people do this? They do this.

The hanging chads were just stacks of paper ballots with a long needle run through where you want to vote. Gore. Just stack them up neatly. Run needle through. Long knitting needle will do. top ones get punch out neatly. middle ones have hanging chads. bottom ballots have pregnant chads, didn’t get punch through.

In Louisiana they find officials with boxes of ballots in trunk. That is why so many elections swing blue there. In some other state, can’t remember where, an official was caught burning stacks of ballots. I don’t remember if she went to prison or not. You have to destroy the ones that weren’t punched right - you have to create new ones for the dem candidates.

I know Republicans who ALL they do is work to fight against this fraud. But now with electronic voting, the vote still won’t be clean.


37 posted on 02/23/2020 3:55:12 AM PST by buffyt ( Is there room in the Clown Car for little mikey or is he a hood ornament? borrowed tag line)
[ Post Reply | Private Reply | To 4 | View Replies]

To: Ronaldus Magnus III

Yes, you are right, they do that!


38 posted on 02/23/2020 3:56:01 AM PST by buffyt ( Is there room in the Clown Car for little mikey or is he a hood ornament? borrowed tag line)
[ Post Reply | Private Reply | To 21 | View Replies]

To: SuperLuminal

And they are showing up for Bernie so far. They think USA is the land of milk and honey, money grows on trees. Some don’t want to work for things they want and need. When we first got married we had nothing. 1973 we had a 1967 VW Beetle. An apartment in Clute Texas for $125 a month. Rented cheapo furniture. We ate hot dogs, beans, and fish sticks and baked potatoes. We worked and saved and dug our way out, and up. No one gave us anything!


39 posted on 02/23/2020 3:59:24 AM PST by buffyt ( Is there room in the Clown Car for little mikey or is he a hood ornament? borrowed tag line)
[ Post Reply | Private Reply | To 23 | View Replies]

To: MHGinTN

Some people physically cannot come to vote in person.


40 posted on 02/23/2020 4:00:43 AM PST by buffyt ( Is there room in the Clown Car for little mikey or is he a hood ornament? borrowed tag line)
[ Post Reply | Private Reply | To 31 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-44 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson