Why am I totally not surprised by this:
’Sloppy’ Mobile Voting App Used in Four States Has ‘Elementary’ Security Flaws
MIT researchers say an attacker could intercept and alter votes, while making voters think their votes have been cast correctly, or trick the votes server into accepting connections from an attacker.
A mobile voting app being used in West Virginia and other states has elementary security flaws that would allow someone to see and intercept votes as they’re transmitted from mobile phones to the voting company’s server, new research reveals.
An attacker would also be able to alter the user’s vote and trick the user into believing their vote was transmitted accurately, researchers from the Massachusetts Technology Institute write in a paper released Thursday.
The app, called Voatz, also has problems with how it handles authentication between the voter’s mobile phone and the backend server, allowing an attacker to impersonate a user’s phone. Even more surprising, although the makers of Voatz have touted its use of blockchain technology to secure the transmission and storage of votes, the researchers found that the blockchain isn’t actually used in the way Voatz claims it is, thereby supplying no additional security to the system.
Read the whole article. The company involved has made a generic defense, the same defense that other companies that made faulty electronic voting machines have made. It seems pretty clear that they made only a passing effort at making their system secure. Almost like they were working for someone with an interest in hacking our elections. Hmmmm.
Anyone with even a passing familiarity with the internet knows beyond doubt that holding elections via the internet is an invitation to outside forces such as, (would you believe!) the Russians to interfere in our elections. The United States Senate Republicans have proven time and again that they are fine with outside interference.
The fact that states like West Virginia are buying into these systems can be explained in only one of two ways: 1) Election officials are monumentally stupid, or 2) the election officials involved have reason to believe that hackers will be on their side. Given Republican resistance to efforts to protect our elections, the preponderance of the evidence would indicate a clear choice between the two possibilities.
Sometimes the old ways are better. It is a no brainer that paper ballots, initially tabulated by machines that are in no way connected or capable of connection to the internet are the way to go. It may take a little longer to get official results, but it’s better than living another four years under the stable genius.
Post a Comment