An image from a promotional video for Voatz. Image: Voatz/Vimeo
A mobile voting app being used in West Virginia and other states has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server, new research reveals.An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday.
The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system.
The research was conducted by Michael Specter and James Koppel, two graduate students in MIT’s Computer Science and Artificial Intelligence Lab, and Daniel Weitzner, principal research scientist with the lab.Election security experts praised the research and said it shows that long-held concerns about mobile voting are well-founded.“It’s really impressive that they were able to find such a pervasive set of vulnerabilities,” said Matt Blaze, an election security expert and computer science professor at Georgetown Law School. “But we should also remember that it’s ultimately unsurprising that they would be able to do so. Because every expert has warned against internet voting as being vulnerable to flaws exactly like this.”Alex Halderman, also an election security expert and professor of computer science at the University of Michigan, said the research appears to have been done “meticulously” and the findings “make Voatz seem like a sham.”
“It looks awfully sloppy—the whole thing.”
The most interesting part of the research, he said, is that it appears to show that there’s no blockchain technology involved in transferring the vote to Voatz’ server.“That transfer is protected only by an https connection as far as the network connectivity goes,” he told Motherboard. “As a result, there’s nothing more advanced going on in protecting the vote transmission from the app than there would be just with a simple web browser. There’s no ‘there’ there.”The New York Times, which first reported on the research, wrote that the researchers provided a copy of their report to the Department of Homeland Security last month, which organized briefings about it with state and county election officials who are planning to use the Voatz software.Voatz has been surrounded by controversy ever since West Virginia used it in a pilot program to allow military and overseas voters to cast ballots via their phone. The software has also been used in pilot projects in elections in Denver and parts of Oregon, Utah and Washington State. West Virginia recently announced plans to expand its use of Voatz to disabled voters in this year’s presidential elections.Voatz has touted its system as highly secure and claimed to have had its code independently reviewed by security experts. But the company has long refused to release the findings of those security experts or answer detailed questions about how its system works.
The MIT researchers downloaded the version of the app that’s available in the Google Play store for Android phones and reverse-engineered it to determine how it works and examine it for flaws. They weren’t able to examine the Voatz backend server directly, as this would have violated computer crime laws. But they were able to construct a simulated server that operates like the Voatz server, based on their understanding of how the server works from reverse engineering the app.From their examination, they found problems with the application that runs on mobile phones, with the communication between those devices and the Voatz backend server, and with the server setup itself.One of the biggest concerns experts have long expressed about internet and mobile voting is that the voter’s computer or phone can be compromised, allowing an attacker to alter votes or prevent users from transmitting their ballots. The MIT researchers found that flaws in the Voatz software would indeed allow an attacker to bypass protections on a voter’s phone to alter votes and steal keys that the voter’s device uses to authenticate itself to the backend Voatz server when it transmits the user’s vote. This would allow an attacker to trick the server into thinking an attacker’s device and vote are authentic.“We find that an attacker with root privileges on the device can disable all of Voatz’s host-based protections, and therefore stealthily control the user’s vote, expose her private ballot, and exfiltrate the user’s PIN and other data used to authenticate to the server,” the researchers write.
An attacker would also be able to trick the voter into thinking their vote was transmitted and received correctly by the server.“It is straightforward to modify the app so that it submits any attacker-desired vote, yet presents the same UI as if the app recorded the user’s submitted vote,” they write. “Similarly, the attacker could stealthily suppress voter’s choices if they select an undesired candidate, but continue to show the verification dialog as if the vote had successfully been cast.”Both Halderman and Blaze say that Voatz implemented some techniques in the app that are designed to obfuscate how the app works and provide obstacles to anyone trying to reverse-engineer it. But despite this, the MIT researchers were able to reverse it to find flaws, just as any attacker would be able to do so.“That’s really all you can do to prevent people from attacking systems like this, because a mobile app is fundamentally running on an insecure untrustworthy platform,” Blaze said. “All you can really hope for is that an adversary isn’t going to figure out a specific way of exploiting it, and that’s ultimately a losing game as we see here.”The researchers also found that despite the fact that traffic from the voter’s phone to the server is encrypted, an attacker who is able to intercept that traffic can still determine how the user is voting and thereby block any votes that are not for the attacker's desired candidate.
“The surprising thing here is that the Voatz app turns out to be as simplistic as it is.”
“It looks awfully sloppy—the whole thing,” said Blaze. “The fact that there was no padding in the messages sent over the network which would allow an attacker merely observing network traffic to derive who is being voted for… that’s a pretty elementary type of mistake to be making in designing a protocol.”The most surprising part of the research, experts say, is the failed use of blockchain technology—one of the app’s primary selling points—to implement an additional layer of security to that transmission.“Many observers have been assuming that there was something more advanced to the Voatz technology than what there turns out to be,” said Halderman. “The surprising thing here is that the Voatz app turns out to be as simplistic as it is.”Halderman said the Voatz application is less secure and well done than other internet voting systems, such as one deployed in Switzerland.“The Swiss system is far more sophisticated than the Voatz system. That’s one of the important things to take away from this paper—that Voatz apparently is not using tech that’s close to the state of the art,” he said. The Swiss system, despite its sophistication, was also shown to have major security issues by experts.Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, said that without the use of blockchain for transmitting votes, the Voatz app is “literally just some mobile phone app that you punch your vote into and send it to a server…. At least the Swiss system was made by people who really spent time trying to do this right. [The Voatz system] looks like someone who came into the voting scene without any experience.”
Voatz took aim at the research in a blog post the company published Thursday, though without directly addressing any of the specific vulnerabilities the researchers found. Instead, the company claimed that the researchers examined an old version of the application that has not been used in elections—although this is the version that was available in the Google Play store. They also say that because the researchers never examined the Voatz back-end server that communicates with mobile phones and receives the votes, they can’t know for certain how it works.“[T]o make claims about a backend server without any evidence or connection to the server negates any degree of credibility on behalf of the researchers,” the company wrote.But Halderman said that the vulnerabilities the researchers discovered just in the app alone and in the transmission of votes provide no confidence that the company got the security of its backend server right either, potentially allowing someone to alter votes at scale if that isn’t secured properly.“It would be very revealing to find out how the server works as well,” he said. “There may well be many more problems in addition to the ones that the mat paper has documented.”He said that the company’s other defenses are the same that voting machine makers like Diebold Election Systems and Election Systems and Software have made over the years any time researchers found security problems with their systems. “[They always say] it’s not realistic [research], or it was an older version [of software].But the vulnerabilities discovered in Diebold and ES&S systems have all “turned out to be significant problems and it’s well recognized that [those] voting systems aren’t safe,” he said. “And I think we’re seeing the same kind of dynamic playing out here.”