West Virginia and Oregon have both recently deployed a mobile voting app called Voatz to facilitate absentee voting. But Voatz now turns out to have major security flaws, according to researchers from the Massachusetts Institute of Technology—including vulnerabilities that could let a hacker manipulate results.
The newly unearthed bugs could allow an attacker to reveal someone’s votes, block votes from being submitted, or even manipulate them. The findings, first reported in The New York Times, come as the United States is grappling with broad election security issues and debating whether mobile voting can safely expand accessibility. Security experts have long warned that it’s virtually impossible to guarantee safe mobile voting, while Voatz and other companies argue that technologies like biometric authentication and blockchain will make the process secure. Apparently note quite yet, though.
“Given the severity of failings discussed in this paper, the lack of transparency, the risks to voter privacy, and the trivial nature of the attacks, we suggest that any near-future plans to use this app for high-stakes elections be abandoned,” wrote MIT researchers Michael Specter, James Koppel, and Daniel Weitzner.