
Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy
2020-02-13 21:58

Only a week after the mobile app meltdown in Iowa's Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia's 2018 midterm election.

They claim the Android app is vulnerable to attacks that could undermine election integrity in the US state.

"We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality."

Specifically, the researchers discovered that malware or some miscreant with root access to a voter's mobile device can bypass the host protection provided by mobile security software known as the Zimperium SDK. The SDK, incorporated into the app, is designed to detect debugging attempts and efforts to modify the app.

What's more, though Voatz, the company behind the app, boasts that its app data is secured by blockchain technology, the researchers say that when they examined the code, they found "no indication that the app receives or validates any record that has been authenticated to, or stored in, any form of a blockchain." And they found "no reference to hash chains, transparency logs, or other cryptographic proofs of inclusion."


News URL

https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/02/13/voatz_mit_election_app/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
MIT 6 3 15 12 7 37