On the heels of the voting app debacle during the Iowa Democratic caucuses, researchers at MIT have found multiple security- and privacy-related vulnerabilities in an online voting app, Voatz, used in West Virginia during the 2018 midterm elections and on track to be used again for the 2020 contests, according to a security audit released this week.

West Virginia stepped out in front of other states by being the first to use an online voting app, but Voatz, which now also has been used in federal, state and municipal elections in West Virginia, Denver, Oregon, and Utah - and in the 2016 Massachusetts Democratic Convention and the 2016 Utah Republican Convention - “has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a sidechannel attack in which a completely passive network adversary can potentially recover a user’s secret ballot,” the MIT audit found.

Privacy issues abound as well through the use of third-party services to provide functionality crucial to the app, which targets overseas military and other absentee voters.

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.