Skip to Content
Computing

Hackers could crack a voting app already used in US elections

voter stickers
voter stickersPhoto by Element5 Digital on Unsplash

Voatz, an online election app increasingly popular in the United States, is riddled with serious security vulnerabilities, according to a new study from researchers at MIT. They conclude that hackers who strike the Voatz app can potentially alter, stop, or expose individual votes.

The news comes just weeks after a hastily made app fell apart during the Democratic Party’s Iowa caucus, a high-profile failure that put a spotlight on how faulty technology can undermine democratic processes.

“We all have an interest in increasing access to the ballot, but in order to maintain trust in our elections system, we must assure that voting systems meet the high technical and operation security standards before they are put in the field,” said Daniel Weitzner, a principal research scientist at MIT’s Computer Science and Artificial Intelligence Lab, who guided the research. “We cannot experiment on our democracy.”

Get out the Voatz: Voatz has already been used as a pilot program in federal elections, most recently the 2018 midterm elections in West Virginia as well as previous ballots in Denver, Oregon, and Utah. Around 600 voters were involved, according to the company. Thousands more are set to use the app this year. 

Sticks and stones: In response to the study, the company that produced Voatz accused the researchers of faulty analysis, “untested claims,” and “bad faith recommendations.” 

In a lengthy statement, the company said the cybersecurity researchers were aiming primarily for media attention and claimed that they seek to “disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.”

In fact, the researchers took their findings to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency in January, which led DHS to hold private briefings for election officials using Voatz.

“We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues,” the company said in a statement. “Pilot programs like ours are invaluable.”

Expert view: “The consensus of security experts is that running a secure election over the internet is not possible today,” said James Koppel, one of the MIT researchers. “The reasoning is that weaknesses anywhere in a large chain can give an adversary undue influence over an election, and today’s software is shaky enough that the existence of unknown exploitable flaws is too great a risk to take.”

A landmark 2018 report from the National Academies of Sciences concluded that online voting systems should not be used until they can be verified as trusted and secure.

“The choice here is not about turnout,” the report said, “but about an adversary controlling the election result and a loss of voter privacy.”

Deep Dive

Computing

Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

Why China is betting big on chiplets

By connecting several less-advanced chips into one, Chinese companies could circumvent the sanctions set by the US government.

How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

VR headsets can be hacked with an Inception-style attack

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.