•   
  •   
  •   

Technology Security experts raise concerns about voting app used by military

00:05  15 february  2020
00:05  15 february  2020 Source:   cnn.com

US Army bans TikTok app from government phones

  US Army bans TikTok app from government phones The move follows Pentagon guidance and a similar ban from the US Navy.Owned by Beijing-based ByteDance, TikTok has drawn concern from US officials who worry that China's companies are under the thumb of the country's government and could use its products for spying.

Election technology experts are raising serious security concerns about mobile voting systems There is an overwhelming consensus in the election security community that mobile voting using To use the Voatz system, voters download the Voatz app onto their iPhone or Android smartphone.

Researchers at the Massachusetts Institute of Technology, better known as MIT, say they have found security vulnerabilities, with a cell phone voting app called "VOATZ." The is the app used in West Virginia that allowed overseas military personnel to vote on the 2018 election.

Security researchers are reporting flaws in a smartphone-based voting app that's been used by military voters overseas and is now being tested for use in the US.

a large red chair in front of a curtain: A voter marks her ballot in the state's presidential primary election in Milton, New Hampshire, U.S., February 11, 2020. REUTERS/Rick Wilking© Rick Wilking/Reuters A voter marks her ballot in the state's presidential primary election in Milton, New Hampshire, U.S., February 11, 2020. REUTERS/Rick Wilking

The vulnerabilities could allow nation-state hackers to view, block or even change smartphone ballots before they're counted, according to a new paper written by three researchers at the Massachusetts Institute of Technology.

The app is designed by the company Voatz, whose technology has been piloted so far in West Virginia, Colorado and Utah.

West Virginia plans to make smartphone voting available to disabled people for 2020 election

  West Virginia plans to make smartphone voting available to disabled people for 2020 election Cybersecurity experts have long railed against voting apps, saying that any kind of online voting unnecessarily increases security risks. "Mobile voting systems completely run counter to the overwhelming consensus of every expert in the field," said Matt Blaze, a computer scientist at Georgetown University and a seasoned election security researcher. "This is incredibly unwise."Researchers have not identified any specific security problems with Voatz, but broader concerns about the app and election security in general have spurred greater scrutiny of it. In November, Sen. Ron Wyden, D-Ore.

Thousands are set to use the app in this year’s elections, a small but growing experiment that could pave the way for a wider acceptance of mobile Until now, security experts have focused criticism on what they described as Voatz’s opaque systems, which make it impossible to verify its security claims.

Election technology experts are raising serious security concerns about mobile voting systems Security flaws mar mobile voting app , researchers say . Voatz, maker of a smartphone app used by military and overseas voters , disputes the findings as incomplete.The app , used primarily by

The company called the report "flawed"in a statement posted to its website Thursday.

"We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues," Voatz said in the statement. "The researchers' true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion."

The report comes amid rising concern about the use of apps and online voting tools in the 2020 election following the failure of reporting tools in the Iowa caucuses.

Last year, Utah County, Utah, began using Voatz for disabled and military voters based overseas. In an interview, County Clerk Amelia Powers Gardner said Voatz made more sense than the previous system, which required remote voters to submit their ballots by email.

Iowa Caucuses to Be Testing Ground for New Efforts to Protect Voting From Hackers

  Iowa Caucuses to Be Testing Ground for New Efforts to Protect Voting From Hackers With Iowans kicking off the 2020 presidential election season, there is also a race to protect voting from cyberattacks and other intrusions. Precautions being taken to secure elections range from revamped electronic voting systems backed up by paper ballots to having cybersecurity experts on standby on voting days. Election officials from across the country gathering this weekend in Washington are discussing contingency planning and other safeguard measures for the 2020 voting season.

possible security vulnerabilities within the only internet voting app currently in use in the state . more voters , skeptics have long raised concerns about election hacking of the app , which uses “Mobile voting apps have yet to demonstrate their ability to detect any hack or error and recover from it.

Voatz is a Boston-based mobile voting app maker “on a mission to make voting safer and more… Mason County in Washington and Jackson and Umatilla Counties in Oregon are planning on using Voatz. Voatz is already facing questions and concern about the security of its app in the Northwest.

A review of Utah County's implementation of Voatz -- prior to the MIT report's publication -- did not uncover any problems, Gardner told CNN. Gardner said that in phone conversations with the MIT researchers, it became clear they preferred voting to be done the traditional way, by pencil and paper. But Gardner said that isn't feasible for Utahns living abroad.

"I have a legal obligation to provide our military members overseas an electronic form of a ballot," she said, "and if it's not this, it's email -- which they agreed is not as secure."

The researchers' conclusions about security risks in the app were based on a reverse-engineered version of Voatz's Android app, which they ran in a simulated environment. According to the study, a hacker who gains control of a smartphone with the app installed could interfere in the voting process by altering ballots or figuring out which candidate a voter supports.

West Virginia will allow people with disabilities to vote by smartphone

  West Virginia will allow people with disabilities to vote by smartphone More governments in the US are offering the option to vote by smartphone. West Virginia's governor is poised to sign a bill requiring that all counties offer people with disabilities a way to vote online, just in time for the 2020 presidential election. It'd be the first state to provide the option. While the details have yet to be established, Secretary of State Mac Warner said it would most likely offer the mobile app Voatz, just like it did when it allowed online voting for overseas troops.Security is a concern, though.

Election security experts praised the research and said it shows that long-held concerns about mobile voting are well-founded. Voatz has been surrounded by controversy ever since West Virginia used it in a pilot program to allow military and overseas voters to cast ballots via their phone.

Election technology experts are raising serious security concerns about mobile voting systems. Independent experts agree. There is an overwhelming consensus in the election security To use the Voatz system, voters download the Voatz app onto their iPhone or Android smartphone.

"Which means they could stop your ballot if they knew you were going to vote for someone they didn't like," Mike Specter, one of the authors of the report, told CNN.

Other election security experts who have reviewed the MIT paper say it appears solid.

"This study from MIT appears to have been structured with care in the way that the analysis was conducted," said Andrea Matwyshyn, an election security expert at Penn State University.

On a conference call with reporters Thursday, however, Voatz criticized the report's methodology. Company executives said the researchers had used an outdated version of the software and that some of the issues they found had already been patched. Voatz also accused the researchers of making "hypothetical" claims based on their simulation, rather than having the app interact with an actual Voatz server.

"We already have this server available," said Nimit Sawhney, Voatz's CEO. "It's to our public bug bounty program. Anybody who wishes to sign up, test the apps over there, against the real server with full functionality, is able to do that."

Security flaws mar mobile voting app, researchers say

  Security flaws mar mobile voting app, researchers say Voatz, maker of a smartphone app used by military and overseas voters, disputes the findings as incomplete.The app, used primarily by military and overseas voters, is the only voting app on the market, according to The New York Times, which reported the research earlier Thursday. The weaknesses addressed in the MIT paper were in the app that's installed on voters' phones.

An internet voting app that has been used in pilots in West Virginia, Denver, Oregon and Utah has The analysis of the Voatz app , which has mostly been used for absentee voters and overseas military personnel Voting security experts have long argued that online voting is dangerously insecure.

Online voting has major security flaws, and experts are concerned that Voatz, the platform West Virginia will use this midterm election, doesn't solve them. Some West Virginia military members will be able to vote via app in this November's elections.Eduardo Munoz Alvarez/Getty Images.

The company declined to comment further.

While participating in the bug bounty program would allow researchers to verify how Voatz's app interacts with the company's servers, the law largely prohibits researchers from testing the servers themselves, said Eric Mill, a cybersecurity expert who has administered technology programs for the federal government.

"The fact that the app happens to talk to the server isn't the same as giving permission to research the real server," said Mill.

Critics say Voatz should be more transparent about its technology and those it has tapped to perform independent audits. They also say Voatz previously reported a University of Michigan researcher to the FBI for conducting similar tests of the technology, and the report's authors cited that episode as a reason they did not contact the company directly.

They instead reported their findings to the Department of Homeland Security, which routinely acts as a clearinghouse for election integrity information.

Voatz said Thursday that the MIT researchers should have reached out to them, in spite of their concerns about Voatz's handling of prior research attempts. It also said it has signed non-disclosure agreements that prevent the company from discussing many of its past audits, though it did acknowledge that DHS has done its own review.

The technology news site Coindesk said it obtained a copy of the DHS review and reported it on Friday, adding that while US officials found few major issues with Voatz, the review focused primarily on the company's internal network and servers -- not the app that was the subject of the MIT report.

The tension between Voatz and independent security experts is not surprising, Mill said. But he added that the trend in the industry in recent years has tended toward greater disclosure and openness, not less -- making Voatz's reaction to the report stand out. It also highlights a common misperception that greater secrecy leads to stronger security, he said.

"That basic feeling of security through obscurity, that you want to release as few details as possible to give your attacker as little information as possible, is a very common gut instinct for a lot of lay folks and in some cases by technologists," said Mill. "It comes from fear and also maybe not understanding or appreciating the public's role in ensuring defense."

Security experts raise concerns about voting app used by military .
Buffalo Sabres Vice President of Business Administration Kevyn Adams joins Howard & Jeremy to address fans frustrations.

—   Share news in the SOC. Networks

Topical videos:

usr: 4
This is interesting!