Security News > 2020 > February > MIT finds massive security flaws with blockchain voting app
"The makers of the blockchain voting platform Voatz have had to go on the offensive to address assertions from MIT researchers that their app is insecure and can be easily hacked into. MIT researchers released a lengthy paper on Thursday that said hackers could change votes through the app, which has already been used in Oregon, West Virginia, Washington, and Utah since 2018."Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted," MIT said in a news release.
Michael Specter, a graduate student in MIT's Department of Electrical Engineering and Computer Science and a member of MIT's Internet Policy Research Initiative, and James Koppel, also a graduate student in EECS, described what went wrong with Voatz and how they discovered the vulnerabilities in their paper, "The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S Federal Elections."
NBC obtained a study of Voatz conducted by the Department of Homeland Security last year that found a number of security flaws as well.
"So as far as Voatz users are concerned, we do not believe that they should be worried at all about these vulnerabilities." Sawhney went on to say that the MIT researchers could not reverse engineer all the code in the Android app and are missing some pieces in the Android app itself as well as a significant portion of Voatz' server architecture information.
The MIT researchers have not responded to the assertions made by Voatz executives but were very clear that no app like Voatz should be used during elections at this point.