
Is Voting by Mobile App a Better Security Option or Just 'A Bad Idea'?

Security experts say voting by app adds another level of risk, as mobile-voting pilots expand for overseas military and voters with disabilities.


Truppi says he believes the Federal Election Commission (FEC) ultimately should provide guidelines for securing mobile-voting infrastructures. Among the issues that need to be more clearly defined, he says, is the minimum level of encryption for ballots, both at rest and in transit.

"I've talked to Tusk about building a framework like that," he says.

No Rush
A Denver-based cybersecurity nonprofit called the National Cybersecurity Center (NCC) audited the mobile-voting pilot for the city's municipal elections this spring that allowed military and citizens overseas to vote via their smartphones with the Voatz app, which voters can download on Google Play and Apple Store. Forrest Senti, director of government affairs at the NCC, says the pilot's goal was to remedy problems with the current methods of sending ballots, unencrypted, via email and fax.

It's unclear, though, whether mobile voting could expand beyond its current narrow scope of overseas voters and those with disabilities, Senti says. "One way we can figure out if mobile is a solution is to keep testing it and deploying it," he says. NCC recommends that the US Department of Homeland Security (DHS), as well as security researchers, dig into mobile-voting technology to root out security vulnerabilities and weaknesses.

Ideally, the apps could be included in the DEF CON Voting Village for hackers to test as well, he says. "We've talked about it, and it would be interesting to see if setting up a live demo would be possible," he says.

Voatz's Sawhney also supports a gradual rollout of mobile voting. The goal, he says, is to introduce mobile voting slowly and methodically. Close to 90,000 voters overall have cast their ballots via Voatz in various types of elections, including more than 700 overseas military and civilians.

"We don't want to do it too fast," he notes. "So I think dividing the process into baby steps is important. The first was military and overseas citizens, and next was the disability [community]." 

Voatz hopes to open up mobile voting after 2021 to more communities, including students away at college who want to vote absentee. "We are very optimistic" about the future of mobile voting, he says.

Attacks on the Horizon
Sawhney's company also is working on improving its platform to face evolving and expanding security threats, he says. "Our security infrastructure needs to be able to handle that. So we've kind of been working on simulating some of those" threats already, Sawhney says.

Voatz's current method of monitoring its voting infrastructure 24/7, for example, won't be sufficient if mobile voting expands beyond the pilots. "We will need help from other parties as well: election jurisdictions ... other stakeholders in the ecosystem," he says.

The hope is that mobile service providers might work with Voatz in monitoring for threats, as part of a collaborative effort, he says.

Not surprisingly, Voatz already has experienced attack attempts on its infrastructure. One incident during the 2018 midterm elections in West Virginia recently went public after the FBI opened an investigation into the attack. An intruder attempting to hack the app was spotted by Voatz, which reported it to the state election officials after thwarting the attacker.

The attacker appeared to be coming in from an unrelated geographic location, which is what initially set off alarms for Voatz. According to a CNN report, a University of Michigan student attempted to hack the app for an election security course. Sawhney declined to comment on the report but says it wasn't the first attack attempt his team has thwarted.

The attacker in the West Virginia election tried to register to vote but wasn't on the verified voter list, so he didn't get past that step. He then downloaded the app on another device and attempted to connect his smartphone to a computer, which raised more flags, Sawhney says. "He didn't get a chance to do anything more than register, so it's hard to determine what his real intent was," he says.

Sawhney says most of the Voatz team comes from a security background.

"I used to be part of a threat team in my past life," he says, adding that he's interested in collaborating with the DEF CON Voting Village to test the mobile-voting system and provide feedback on their findings. "We would love any help improving the system," he says. He says he wants to be sure, though, that testing in the Voting Village wouldn't be for creating a "scandal" or bashing the election industry.

But the nagging security implications of voting by mobile app loom large for several members of the cybersecurity community. Chris Wysopal, co-founder of software security firm Veracode, says he understands the convenience of mobile voting and how it could garner greater voter turnout. But it also could open up more targeted attacks if it were to become widely adopted, he says.

"The thing that scares me is when a particular population is targeted" and attackers study up on their common weaknesses and employ a systematic approach to wage cyberattacks on them, Wysopal says. Attackers could select a few swing states or counties and set up waterholing attacks that discern their phone platforms and then drop exploits onto their phones.

Similarly, if the smartphone's presentation layer was compromised by a hacker, it could fool the voter into believing he or she had voted one way while instead the attacker voted for another candidate, notes Sam Curry, chief security officer at security vendor Cybereason.

"It could make 10,000 people in a critical district vote" unknowingly for a different candidate than they selected, he says. "You can't secure a phone presentation layer" completely, he says.

Mobile Voting Resumes
In the meantime, the newest Voatz mobile-voting pilots are kicking off in Oregon and Utah amid security concerns about this new method of voting. The University of New Haven's Baggili says just because you build an app from the ground up with security doesn't mean it's secure, and the blockchain itself may not be deployed securely.

"I could write malware impersonating the touchscreen on the phone, launch the app, and have it ask the voter to cast the vote for who they want to. It's hard to reverse that vote on the blockchain," he says.

He acknowledges, however, that the mobile-voting experiments could help shine a light on how to reach more voters digitally in a more secure manner.

But there's one thing both sides agree on, besides the need for paper ballots to serve as a confirmation of a vote: Elections need better security overall to ensure votes are properly cast and counted — and that the outcome is trusted and provable to the candidates and voters. The two sides just don't agree on whether mobile voting can achieve that level of trust.