Hackers attack blockchain-based mobile voting systems
For better or worse reasons, technological advances will always be reflected in most aspects of our lives, and democratic processes are no exception. Web application security specialists reported that in the 2018 midterm elections an unidentified threat actor tried to hack into the blockchain-based voting system used in West Virginia, known as Voatz.
Although the attack was unsuccessful, the FBI has continued to follow up on this incident. “Last year we detected an attempted hacking against the mobile voting system in Virginia. The security protocols of the electoral system worked as expected. The FBI is investigating the IP addresses linked to this malicious activity,” said Andrew Warner, West Virginia’s secretary of state.
During past elections, at least 140 Virginia
voters, including active members of the US Military residing abroad, used the
Voatz mobile app, powered by blockchain,
to cast their votes to elect members of the US Congress and local
representatives. Although it seems like a very small number of voters it could
still be decisive, especially in local elections. For example, four seats in
the West Virginia Delegate house decided on less than 100 votes.
Through this app, users had to verify their
identity using multi-factor authentication in conjunction with facial
recognition software. Once this process was completed, users accessed their
ballot and sent their votes. While it sounds pretty secure, web application
security experts believe Voatz could still have some security weakness.
“Apparently the hacking attempt was not
successful, but this is a sign that electronic voting systems could become one
of the main targets of malicious hacker groups. Moreover, although this system
seems to be more secure than its predecessors, it is difficult to evaluate it,
as there are various confidentiality agreements,” the experts mention.
Uncertainty regarding Voatz is shared by other
members of the cybersecurity community, such as Matt Blaze, a web application
security specialist at Georgetown University. “Another aspect to consider
is the use of this system on conventional smartphones. Blockchain security does
not extend to the device where the application was installed, so a threat actor
could try to attack the user from that point,” he says.
During a recent funding campaign, Voatz managed
to raise $7 million USD to continue its investigation, so it is highly likely
that its use will continue to be enforced, at least the West Virginia
authorities.
The US presidential election is less than two
years away, so web application security specialists from the International
Institute of Cyber Security (IICS) highlight the importance of Voatz, and any
other similar system, adopting a more open stance to public scrutiny.
Continuing to use Voatz despite not having as much information as possible
seems a little responsible measure by the US authorities.
Gloss