Thursday, April 9, 19:05
Home security Voting applications: Democracy in the hands of technology

Voting applications: Democracy in the hands of technology

In recent years, there has been increasing interest in the use of online and mobile technology to add to voting procedures. At the same time, cyber security experts point out that paper voting is the only secure voting tool.

voting-technology

Now, MIT researchers are raising another concern: They say they have discovered security vulnerabilities in a voting application used during the 2018 elections in West Virginia. The application's security analysis, called Voatz, identifies a number of vulnerabilities, including the ability for hackers to change, stop, or expose how an individual user was voted. In addition, the researchers found that the use of Voatz by an outside partner to identify and verify voters poses potential privacy concerns for users.

Following the disclosure of these security vulnerabilities, the researchers disclosed their findings to the Department of Cyber ​​Security and Infrastructure (CISA) of the Ministry of Homeland Security. The researchers worked with the Boston University / MIT Technology Law team and CISA electoral security officials to ensure that election executives and the software partner were aware of the findings before the investigation was published. This included preparing written summaries of the findings and direct discussions with affected electoral officials about calls organized by CISA.

In addition to being used in the 2018 elections in West Virginia, the application was used in elections in Denver, Oregon, and Utah, as well as in the 2016 Massachusetts and Utah Democratic Conventions.

The findings underscore the need for transparency in the design of voting systems, according to researchers.

- Advertisement -

"We all have an interest in increasing access to the vote to get more votes, but in order to maintain confidence in our electoral system, we must ensure that voting systems meet high technical and operational security standards before they are implemented," he says. Weitzner. "We cannot experiment with our democracy."

"The view of security experts is that secure elections online are not possible today," Koppel adds. "The rationale is that application weaknesses can give the opponent an unjustified influence in an election and today's software is unstable enough that the existence of unknown exploitable vulnerabilities is a very high risk."

Capture the results

The researchers originally inspired Voatz's security analysis based on Specter's research with Ronald Rivest, a professor at the MIT Institute. Neha Narula, Director of the MIT Digital Law Initiative, exploring the feasibility of using systems blockchain in the elections. According to researchers, Voatz claims to use a blockchain to ensure security, but has not released any source code or public documentation of how its system works.

Specter, who teaches a self-taught course at MIT founded by Koppel and focuses on reverse engineering software, outlined the idea of ​​applying Voatz reverse engineering in an effort to better understand how his system worked. To ensure that they do not interfere with pending elections or expose user files, Specter and Koppel reversed the application and then created a model of the Voatz server.

vote-technology

They found that an opponent with remote access to the device could change or discover a user's vote and that the server, if tampered with, could easily change those votes. "The application protocol does not appear to attempt to verify [authentic votes] via blockchain," Specter explains.

“We found that your ISP or someone close to you if you are in unencrypted Wi-Fi, could track how you voted in certain election configurations. The most aggressive malware could possibly detect how you're going to vote and then stop the connection based on that alone. "

In addition to detecting vulnerabilities through the Voatz voting process, Specter and Koppel have found that the application poses problems for users' privacy. As the application uses an external provider for voter ID verification, a third party may have access to the voter's photo, driver's license data or other forms of identification if the provider's platform is not secure.

Need for greater transparency

Specter and Koppel state that their conclusions point to the need for transparency in the administration of elections in order to ensure the integrity of the electoral process. At present, they note that the electoral process in states using paper ballots is designed to be transparent and that citizens and representatives of political parties have the opportunity to observe the voting process.

On the contrary, Koppel notes that “Voatz's implementation and infrastructure were completely closed infrastructures. We could only access the application itself. ”

“I think this type of analysis is extremely important. There is currently an effort to make voting more accessible by using online and mobile voting systems. The problem here is that sometimes these systems are not made by people who have experience in maintaining the security of voting systems, "says Matthew Green, an associate professor at the Johns Hopkins Information Security Institute. In the case of Voatz, he adds, "It seems like there were a lot of good intentions here, but the result lacks key features that will protect a voter and the integrity of the election."

Looking ahead, researchers warn that software developers need to prove that their systems are as safe as paper.

"The biggest issue is transparency," says Specter. "When you have a part of the election that is opaque, not visible, not public and has some kind of proprietary element, that part of the system is inherently suspicious and needs to be checked."

SecNews
SecNewshttps://www.secnews.gr
In a world without fences and walls, who needs Gates and Windows

LEAVE ANSWER

Please enter your comment!
Please enter your name here

LIVE NEWS

Research: Teenagers prefer iPhones to Samsung phones

According to research conducted every six months in order to record the habits of teenagers, young people do not choose Samsung phones ....

Bill Gates: Schools open in the fall and the economy collapses

Bill Gates believes schools will be able to open in the fall, he told Becky Quick on CNBC.

OTE Group Telecommunications Museum: Educational programs and entertainment activities from home for children aged 4-12 and the whole family

Educational programs and entertainment activities for children and families, in which they can participate from home, are offered by the Group's Telecommunications Museum ...

Microsoft: The April 2020 update for Office has been released

Microsoft released the non-security updates of April 2020 for Microsoft Office, which include corrections for errors as well as improvements ...

Tesla's new Cheetah mode offers top performance

The new Cheetah mode in the Tesla S model pushes the electric car from 0 to 100 km / h faster than ...

Tails 4.5: The new, safer version has been released!

Tails 4.5: The new, safer version has been released - Tails, is a live operating system based on ...

Windows 10 feature helps to delete useless files and apps

Windows 10 will make it easier to delete useless files and apps by displaying them in a list.

Cloudflare: Stops using Google's reCAPTCHA!

Cloudflare has announced that it will stop using Google's reCAPTCHA and switch to a new bot detector that ...

Google Stadia Pro is available for free for two months! Time for video games!

The situation we are experiencing lately due to corona, is one of the most difficult situations of ...

Russia is expected to try to manipulate the 2020 elections

The report comes after election security experts remain on alert for attempts to manipulate the 2020 election by ...