GT Progressive News: Researchers find that Voatz mobile voting app used in several states has flaws that would let attackers intercept and alter votes and doesn't use blockchain as claimed. Here's my story with technical details about the findings:

Friday, February 14, 2020

Researchers find that Voatz mobile voting app used in several states has flaws that would let attackers intercept and alter votes and doesn't use blockchain as claimed. Here's my story with technical details about the findings:

READ THIS THREAD!

Sweet Jesus https://t.co/smR4LTLPoR
— Rick Wilson (@TheRickWilson) February 13, 2020

Voatz has long claimed that it had independent security researchers audit its system, but it has refused to release the report from that review or identify who conducted it. So this is the only public security review available for election officials who are using the system.
— Kim Zetter (@KimZetter) February 13, 2020

“We find that an attacker with root privileges on the device can disable all of Voatz’s host-based protections, and therefore stealthily control the user’s vote, expose her private ballot, and exfiltrate the user’s PIN and other data used to authenticate to the server."
— Kim Zetter (@KimZetter) February 13, 2020

but continue to show the verification dialog as if the vote had successfully been cast.”
— Kim Zetter (@KimZetter) February 13, 2020