A Mobile Voting App Currently in Use Has Severe Security Flaws

Not good.

The Voatz app has problems. Big ones.

A newly released audit reveals mobile voting app Voatz has more than a dozen critical security flaws, Vice reported. The app has already been used in elections in the United States, with its creators claiming “more than 80,000 votes have been cast on the Voatz platform across more than 50 elections” since 2016.

The audit, prepared by cybersecurity firm Trail of Bits for Voatz and Tusk Philanthropies, found 48 technical vulnerabilities, 16 of which were marked “high-severity issues.” According to Vice, that’s an “unusually high and concerning number of critical vulnerabilities,” even given the many previous warnings from experts who have cautioned that it is nearly impossible to design an online voting system that doesn’t have serious security flaws.

“This damning report is clear evidence that election officials must listen to these experts and reject online voting snake oil like the insecure Voatz app,” Senator Ron Wyden said.

“We now know that Voatz and its backers commissioned secret, misleading audit reports, by organizations with no technical security experts, in order to deceive state and local elections officials that their product was secure,” Trail of Bits wrote in the report, which also revealed that Voatz publicly refuted a previous MIT report that found flaws in the app.

“It is profoundly troubling to hear that Voatz was aware that the vulnerabilities found in our research were still active at the same time they were misrepresenting and downplaying our findings to the Department of Homeland Security, state elections officials, and the public,” the authors of the MIT report told Vice in a statement. “This only shows that we should never take an election software company at their word. Voting systems must be subject to thorough public inspection before they are used.”

Subscribe here for our free daily newsletter. 

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.