Dark Reading is part of the Informa Tech Division of Informa PLC


6/9/2020
02:00 PM
Scott White
Commentary

Will Vote-by-App Ever Be Safe?

Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders.

The push for online voting has been happening for years, but now that a major pandemic has hit the US, there is more incentive than ever for states and counties to try out online and mobile voting services. This summer, Delaware and West Virginia will allow online voting in their primaries, and New Jersey is also testing it in a municipal election. The Utah GOP recently used mobile voting in a virtual state convention. Other states and counties are likely to follow.

These solutions are far from perfect; to call them "experimental" is putting it nicely. Most of the current providers are new companies with relatively small development teams. Multiple research teams, including MIT and Trail of Bits, have found vulnerabilities in the voting app created by Voatz. It's also concerning that the app developer appears to be antagonistic toward the security community over such vulnerability research. And let's not forget what happened to Shadow Inc.'s IowaReporterApp during the Iowa Democratic presidential caucus this past February.

The inherent vulnerability of app-based voting is a serious cause for concern, but governments and political parties are likely to pursue it anyway. So, let's take a closer look at where the problems are.

What Attacks Are Most Likely?
Mobile voting apps could face a variety of attacks, but some of the most likely scenarios are credential brute-forcing, injection, man-in-the-middle, and distributed denial-of-service attacks. Weak user credentials are a common problem, and we can expect attackers to target this in a mobile voting app. Password spraying, credential stuffing, and dictionary attacks are all likely. In a 2018 security report, Voatz was cited for allowing voters to use PINs to secure their accounts.

Injection attacks such as SQLi are particularly worrisome because the integrity of data may be at risk. Under the right circumstances, it could be difficult to trace this type of data manipulation, which could be used to increase, change, or delete votes. Russia used this attack in the 2016 election, and we can expect more attacks in future elections.

Man-in-the-middle (MitM) attacks could attempt to steal credentials and data or alter information. These can exploit client-side vulnerabilities, insufficient server-side security, or weaknesses in an API itself. A study last year found that 8% of the top mobile apps are vulnerable to MitM attacks, and another 45% use weak encryption.

Denial-of-service (DoS) is also to be expected, as this attack has occurred frequently in recent elections, including the 2018 US midterms and against the UK Labour Party.

A Security Checklist
In order for a voting app to be considered secure, it will have to check off a number of critical security boxes:

  • Authentication: Voting apps will have to require multiple points of verification, potentially including driver's license number, Social Security number, mailing address, and registered cellphone number. "Selfies" are another possibility to consider.

  • User Credentials & User Management: Strong password requirements, secure password recovery, and multifactor authentication are all essential. SMS-based MFA is far less secure, so app-based solutions like Google Authenticator, Microsoft Authenticator, or Authenticator (iOS) are preferable. Secure credential storage using salted hashes with a strong algorithm is also critical to protect that data at rest.

  • Input Validation: All user input received through the app should be handled as malicious. It must be properly sanitized, with strict whitelisting. This will assist in protecting the app from many vulnerabilities while also helping to ensure proper voter registration and vote tallies.

  • Encryption: Robust end-to-end encryption that protects data from entry point to storage or exit point is necessary. But some hashing or encryption algorithms are insufficient to the threat (for example, LinkedIn's 2012 breach due to SHA-1), so strong hashing and encryption algorithms must be used. Key management is also critical.

  • Data Integrity: Stored data should be protected from manipulation, both from outside attackers and malicious insiders. Secure cloud storage and encryption are critical, but it's also important to use digital signatures and timestamping to have a clear record of any changes.

  • Certificate Pinning: This is essential to protecting the mobile app from MitM attacks.

  • API Security: APIs should implement contemporary best practices for concerns such as transport security, load balancing, and availability. Every API function should be designed with careful consideration around authentication and authorization. Auditability and audit trail integrity must also be assured. Web application firewalls are good for additional protection, and checks should also be performed for issues present in the OWASP Top 10.
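
The Data Integrity and audit-trail items above, as an added example (not code from the article or from any voting vendor): a timestamped, hash-chained record log that pinpoints an edited record and detects deletion, truncation, or a full rewrite. It uses a standard-library HMAC in place of the digital signatures the checklist calls for, so anyone holding the key can forge records; the field names, the key, and the externally stored `anchored_head` value are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used as the "previous MAC" of the first record
FIELDS = ("seq", "ts", "ballot_id", "choice")


def _mac(key: bytes, prev_mac: str, body: dict) -> str:
    # Canonical JSON: the same record always serializes to the same bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + data, hashlib.sha256).hexdigest()


def append_record(log: list, key: bytes, ballot_id: str, choice: str, ts: str) -> dict:
    """Append a timestamped record whose MAC also covers the previous MAC."""
    prev = log[-1]["mac"] if log else GENESIS
    body = {"seq": len(log), "ts": ts, "ballot_id": ballot_id, "choice": choice}
    log.append(dict(body, mac=_mac(key, prev, body)))
    return log[-1]


def verify_log(log: list, key: bytes, anchored_head: str) -> list:
    """Return a list of findings; an empty list means the log is intact.

    anchored_head is the MAC of the last record, kept outside the database
    (assumption: published or escrowed after each append).
    """
    findings, prev = [], GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i:
            findings.append(f"record {i}: sequence gap (deleted or reordered)")
        body = {name: rec[name] for name in FIELDS}
        if not hmac.compare_digest(rec["mac"], _mac(key, prev, body)):
            findings.append(f"record {i}: MAC mismatch (edited or chain broken)")
        prev = rec["mac"]
    if prev != anchored_head:
        findings.append("head mismatch: log truncated or rewritten")
    return findings


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed; a real key lives in an HSM/KMS
    log = []
    for n, choice in enumerate(["A", "B", "A"]):  # constructed sample ballots
        append_record(log, key, f"ballot-{n}", choice, f"2020-06-09T14:00:0{n}Z")
    head = log[-1]["mac"]
    log[1]["choice"] = "A"  # simulate an insider editing a stored vote
    print(verify_log(log, key, head))
```

The head check is what catches an insider who holds the key and recomputes every MAC after changing a record, which is why the head value has to be stored somewhere the database administrator cannot rewrite.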

Persistent Challenges
Remote voting faces a number of fundamental challenges. The most obvious of these is usability. No matter how simple the app interface is, voters will still get confused and make mistakes. How do you troubleshoot this on Election Day? What if people aren't able to vote because of it? The app's ease of use is further complicated by the need for robust cybersecurity. Even basic security measures such as user authentication, password requirements, password recovery, MFA, and so on, will be difficult to properly implement because of how they will affect the user experience.

Data integrity is another problem. Digital voting creates many points of failure along the way, from technical errors in processing and storage to malicious insiders and outsider attacks, all of which must be accounted for. The stakes are high, as there is no paper record to audit the votes.

Lastly, nonrepudiation is a risk. What if a voter claims the voting app made a mistake? Or someone else (spouse, friend) voted for them? Or that they accidentally submitted the wrong candidate? Voting apps will have to be able to prove the person voted the way the vote was received, beyond any shadow of a doubt. The apps will also require rigorous security testing and analysis, and a defense-in-depth approach. However, even with strong security measures in place, these apps could still be vulnerable to abuse, particularly from state-sponsored actors and malicious insiders.

Scott White is the practice lead for TrustedSec's software security team. Scott's expertise in penetration testing and web application security stems from his years of unique experience ranging from web development, source code analysis, penetration testing, web application ...
 

Comments
Sysbunny,
User Rank: Apprentice
6/16/2020 | 3:37:46 AM
Sysbunny - Android Development Company
Yes, it will be safe if developed with proper authentication.

Developing an Android application with proper encryption and verification gives proper results and quick results.