With COVID-19 dominating the national conversation, there has been growing discussion about how to reduce crowds and lines at polling places during the 2020 election cycle. One possibility is to enable voting via smartphones. However, cybersecurity experts remain incredibly cautious given security concerns.
In a report released March 13, Trail of Bits, an IT security services provider, raised concerns regarding Voatz, a mobile voting app that uses smartphones, facial recognition, multifactor authentication, and blockchain technology to allow voting with smartphones.
Voatz has been used in West Virginia and Detroit, among others, to allow residents living abroad, military members, and people with disabilities to vote remotely. However, the company has faced scrutiny from legislators and academia regarding the security of its app. On Feb. 28, West Virginia – which was an early adopter of the app – announced that the state will cease using the Voatz app for its May 12 primary election.
Trail of Bits, which was engaged by Voatz to produce its report, conducted what it says is the first white-box security assessment of Voatz. A white-box test is a method of software testing that examines the internal workings of an app, as opposed to its functionality. In its 121-page report, Trail of Bits identified 48 findings, a third of which it described as “high severity” and a quarter of which are “medium severity.”
The report raised “high severity” concerns regarding Voatz’s “improper use of cryptographic algorithms, as well as ad hoc cryptographic protocols.” Trail of Bits also cited data validation issues, saying it has a “family of findings related to reliance on unvalidated data provided by the clients.” Specifically, the report’s findings indicated that Voatz’s backend “could allow one voter to masquerade as another before even touching the blockchain.”
Additionally, the report found that sensitive credentials are available to Voatz developers and “personally identifiable information … can be leaked to attackers.” Trail of Bits explained that storing voting data on a blockchain maintains an auditable record to prevent fraud. However, this “comes at the expense of both privacy and an increased attack surface.” The report said that because voters do not connect to the blockchain themselves, they are unable to independently verify that their votes were recorded properly. Additionally, the report noted that “anyone with administrative access to the Voatz backend servers will have enough information to fully reconstruct the entire election, deanonymize voters, deny votes, alter votes, and invalidate audit trails.”
The report acknowledged that Voatz’s code in both the backend and mobile clients is “written intelligibly with a clear understanding of software engineering principles” and that the code is free of “almost all the common security foibles.” However, Trail of Bits did say that “it is clear that the Voatz database is the product of years of fast-paced development” and “it lacks test coverage and documentation.”