READ THIS THREAD!
Sweet Jesus https://t.co/smR4LTLPoR— Rick Wilson (@TheRickWilson) February 13, 2020
Voatz has long claimed that it had independent security researchers audit its system, but it has refused to release the report from that review or identify who conducted it. So this is the only public security review available for election officials who are using the system.— Kim Zetter (@KimZetter) February 13, 2020
“We find that an attacker with root privileges on the device can disable all of Voatz’s host-based protections, and therefore stealthily control the user’s vote, expose her private ballot, and exfiltrate the user’s PIN and other data used to authenticate to the server."— Kim Zetter (@KimZetter) February 13, 2020
but continue to show the verification dialog as if the vote had successfully been cast.”— Kim Zetter (@KimZetter) February 13, 2020