2020-03-15

Voatz, the Massachusetts-based firm touting a blockchain-enabled mobile voting app, has been met with public criticism for a lack of transparency, among other issues, particularly when it comes to data security. And with the threat of election tampering, the stakes are as high as ever.

Voatz has been used in elections in West Virginia; Jackson County, Oregon; Umatilla County, Oregon; municipal elections in Utah County, Utah; as well as in runoff elections and municipal elections in Denver, Colorado.

The public security audit by a reputable third-party firm that experts have been calling for is finally here. In December 2019, Voatz and Tusk Philanthropies, which funded most of Voatz’s mobile voting pilots, engaged security firm Trail of Bits to conduct a comprehensive white box audit.

Although Voatz failed to provide a backend to live-test malicious attack vectors, Trail of Bits had access to all of the source code, including the core server, Android client, iOS client and administrator web interface.

The audit report is comprehensive, and includes a 122-page security review and a 78-page document on threat-modeling considerations. Here’s a quick rundown of the main points.

Voatz doesn’t need blockchain

The appeal of blockchain voting is that it’s a decentralized system that doesn’t require voters to trust anyone. But the blockchain Voatz uses doesn’t actually extend to the mobile client. Instead, Voatz has been applying the votes to a Hyperledger Fabric blockchain, which it uses as an audit log — something just as easily accomplished by using a database with an audit log.
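To make that point concrete, here is an added example (not code from Voatz or from the Trail of Bits report) of a hash-chained audit log over ordinary database-style rows. It shows both what a hash chain buys you (any silent edit breaks verification) and its limit, which applies equally to a permissioned blockchain run by a single operator: whoever can rewrite every row can re-chain after editing, so tamper evidence only holds against a head hash that was published outside the operator’s control. The records, event names and the `demo()` scenario are constructed sample data.

```python
"""Hash-chained audit log in a plain table (added example, not Voatz code)."""
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # previous-hash value for the first row


def row_digest(seq: int, payload: dict, prev_hash: str) -> str:
    # Canonical JSON so an identical row always hashes identically.
    material = json.dumps({"seq": seq, "payload": payload, "prev": prev_hash},
                          sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(material.encode()).hexdigest()


@dataclass
class Row:
    seq: int
    payload: dict
    prev_hash: str
    digest: str


class AuditLog:
    def __init__(self):
        self.rows = []

    def head(self) -> str:
        return self.rows[-1].digest if self.rows else GENESIS

    def append(self, payload: dict) -> str:
        seq = len(self.rows)
        prev = self.head()
        self.rows.append(Row(seq, payload, prev, row_digest(seq, payload, prev)))
        return self.head()

    def verify(self):
        """Return (True, None), or (False, index of the first inconsistent row)."""
        prev = GENESIS
        for i, r in enumerate(self.rows):
            if (r.seq != i or r.prev_hash != prev
                    or r.digest != row_digest(r.seq, r.payload, r.prev_hash)):
                return False, i
            prev = r.digest
        return True, None

    def rechain(self):
        """What an insider with write access to every row can do: recompute all hashes."""
        prev = GENESIS
        for r in self.rows:
            r.prev_hash = prev
            r.digest = row_digest(r.seq, r.payload, prev)
            prev = r.digest


def demo() -> dict:
    """Constructed scenario: three rows, one silent edit, then an insider re-chain."""
    log = AuditLog()
    for payload in ({"event": "ballot_received", "ballot": "b-001"},
                    {"event": "ballot_received", "ballot": "b-002"},
                    {"event": "tally_closed", "count": 2}):
        log.append(payload)
    published_head = log.head()               # imagine this posted on a public bulletin
    ok_before, _ = log.verify()
    log.rows[1].payload["ballot"] = "b-999"   # silent edit of one row
    ok_after, bad_index = log.verify()
    log.rechain()                             # insider hides the edit from verify()
    ok_rechained, _ = log.verify()
    return {
        "ok_before": ok_before,
        "ok_after_edit": ok_after,
        "first_bad_row": bad_index,
        "ok_after_rechain": ok_rechained,
        "head_matches_published": log.head() == published_head,
    }


if __name__ == "__main__":
    print(demo())
```

The last field is the one that matters for the voting case: after the re-chain, `verify()` passes again, and the only thing that still exposes the edit is the mismatch with the head hash that was published before it. A ledger whose every writer and reader is the operator gives voters exactly the same guarantee as this table, which is to say none unless the head is anchored somewhere they can check.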

Although a Voatz spokesperson claimed that Hyperledger “provides several security features such as securing the aggregate vote, enabling post election auditing and providing a chain of custody for the digital ballots as they traverse through the ecosystem,” it’s unclear how it would do so, and this capability isn’t evident in the report.

The code Trail of Bits looked at didn’t use custom chaincode or smart contracts. In fact, the report reads:

“All data validation and business logic are executed off-chain in the Scala codebase of the Voatz Core Server. Several high-risk findings were the result of data validation issues and confused deputies in the core server that could allow one voter to masquerade as another before even touching the blockchain.”

Because voters don’t connect directly to the blockchain themselves, they can’t independently verify that the votes reflect their intent. But anyone with administrative access to Voatz’s back-end servers has the ability to “deanonymize votes, deny votes, alter votes, and invalidate audit trails.”

The report found that the Voatz system doesn’t have any mitigation for deanonymizing voters based on the time their ballot was recorded in the blockchain. In a statement, a spokesperson for Voatz said it had an experimental mixnet running on the edge infrastructure used for network-level experiments, but without any source code, and Voatz’s FAQ claims that “once submitted, all information is anonymized, routed via a ‘mixnet’ and posted to the blockchain.” But this was called into question in an MIT report — and now again in this audit.

“There does not appear to be, nor is there mention of, a mixnet in the code provided to Trail of Bits,” the audit reads. “The core server has the capability to deanonymize all traffic, including ballots.”

Trail of Bits confirmed MIT’s findings — Voatz disputed them

On Feb. 13, MIT researchers published the aforementioned report, “The Ballot Is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections,” to which Voatz responded with a blog post the same day to refute what it called a “flawed report,” leading the MIT researchers to post an FAQ with clarifications.

It turns out that Voatz’s refutation was written three days after Trail of Bits confirmed the presence of the described vulnerabilities to MIT, having received an anonymized summary report of the issues from the U.S. Department of Homeland Security. This suggests that Voatz was aware that the report was accurate before publicly discounting it.

The audit also disputes some of Voatz’s objections to the MIT researchers’ reports. Voatz stated that the Android app analyzed was 27 versions old, but Trail of Bits wrote that it “did not identify any security relevant changes in the codebase” since the September 2019 version of the app used by the MIT researchers that would substantively affect their claims.

Voatz also took issue with the researchers developing a mock server, calling it a “flawed approach” that “invalidates any claims about their ability to compromise the overall system.” Voatz even wrote that this practice “negates any degree of credibility on behalf of the researchers.”

But Trail of Bits claims that “developing a mock server in situations where connecting to a production server might result in legal action is a standard practice in vulnerability research. It is also a standard practice in software testing.” Moreover, the report points out that the findings focused on the Android client, but did not rely on in-depth knowledge of the Voatz servers.

A Voatz spokesperson says Voatz “objects to the methodology and approach of the MIT researchers,” and that there are “several errors in the report.”

“If our methodology was wrong, the assumption would be that we’d come to incorrect conclusions. However, all of the vulnerabilities we found were confirmed by their own security review. Moreover, it doesn’t appear that they’re contesting any of them,” said Michael Specter, one of the MIT researchers who authored the report.

Prior audits weren’t comprehensive

Despite Voatz touting several security audits, this is the first time a white box assessment has been carried out, with the core server and backend having been analyzed. Although not all of the prior audits are public, Trail of Bits summarized all of them.

One prior security review was carried out in August 2019 by NCC, an independent, private nonprofit that doesn’t employ any technical security experts. The audit focused on usability rather than security. In July 2018, an unnamed vendor carried out a black box audit of Voatz’s mobile clients.

In October 2018, TLDR Security, now known as ShiftState, carried out a broad security hygiene review that included system architecture, user and data workflows and threat mitigation planning, but didn’t look for bugs in the system nor in the actual application. ShiftState then carried out another audit in December 2018, looking at whether the system operated as intended and followed best practices.

Although ShiftState CEO Andre McGregor has previously said that Voatz “did very well,” Trail of Bits’ review of ShiftState’s audit points to issues with limited logging, unmanaged servers and a Zimperium anti-mobile-malware solution that wasn’t enabled during the pilot.

Since all of Voatz’s anti-tamper protections for mobile devices are based on Zimperium, it being inactive means the application could have been trivially tampered with, as Voatz lacks additional protection against malicious applications that could access sensitive information.

A Voatz spokesperson said that Zimperium wasn’t fully integrated until 2019 and that some researchers request its disablement for testing purposes, which they do on a case-by-case basis. “Trail of Bits could not independently verify that Zimperium’s proprietary anti-tamper checks explicitly verify the Android security provider,” the report reads, recommending an additional check in case Zimperium is ever disabled, intentionally or not.

The final audit by the DHS, carried out in October 2019, merely looked at cloud resources, not at the application — whether there’s evidence of hacking or whether it could be detected if it takes place.

Beyond the limitations of prior security assessments that Voatz has touted without making public — such as the fact that none of the audits included server and back-end vulnerabilities — Trail of Bits’ report states that the writeups from the other security assessments carried out were technical documents. This calls into question whether elected officials are making decisions based on documents they’re unqualified to read.

Voatz appears wildly disorganized

Trail of Bits’ assessment lasted a whole week longer than originally scheduled “due to a combination of delays in receiving code and assets, the unexpected complexity and size of the system, and the associated reporting effort.”

Trail of Bits never received a working copy of the code, preventing the firm from live-testing, meaning that the researchers were almost entirely limited to static testing, which required them to read through an enormous amount of code. According to the report, Voatz has so much code that it “required each engineer to analyze, on average, almost 3,000 pure lines of code across 35 files per day of the assessment in order to achieve minimal coverage.”

Although Trail of Bits received access to the backend for live-testing a day before the assessment was scheduled to end (which a Voatz spokesperson said was due to simultaneous audits, delays in audits and parallel activities, and a limited number of test platforms), the security firm was asked not to attack or alter the instance in a way that would deny service to concurrent audits.

Voatz made rookie mistakes — and doesn’t seem serious about fixes

Trail of Bits described several bugs that could lead to votes being observed, tampered with or deanonymized, or that could call the integrity of an election into question.

Beyond the fact that voters can’t independently validate that their ballot receipt is valid or that votes were tallied correctly, a Voatz employee could theoretically force a user to vote twice, allow them to vote twice or duplicate their vote without their knowledge on the backend. Also, Voatz uses an eight-digit PIN to encrypt all local data — something that could be cracked within 15 minutes.
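The arithmetic behind that 15-minute figure is worth seeing once. The following is an added example, not code from Voatz or from the audit: it computes the size of an eight-digit PIN space, the guess rate that figure implies, and shows the two controls that change the picture, a deliberately slow key derivation (PBKDF2-HMAC-SHA256, a standard construction rather than anything Voatz is documented as using) and a failed-attempt lockout. The PIN values, salts, iteration counts and attempt limits are constructed assumptions.

```python
"""Cost of an eight-digit PIN as the secret protecting local data (added example)."""
import hashlib
import hmac
import os
import time


def pin_keyspace(digits: int) -> int:
    """Number of distinct PINs: 10**digits, so 100,000,000 for eight digits."""
    return 10 ** digits


def seconds_to_exhaust(keyspace: int, guesses_per_second: float) -> float:
    """Worst-case time for an offline search that tries every PIN."""
    return keyspace / guesses_per_second


def derive_key(pin: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256; each guess costs `iterations` HMAC computations."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=32)


def measured_guess_rate(iterations: int, pin: str = "00000000") -> float:
    """Guesses per second a single core of this machine manages at the given cost."""
    salt = os.urandom(16)
    t0 = time.perf_counter()
    derive_key(pin, salt, iterations)
    return 1.0 / max(time.perf_counter() - t0, 1e-9)


class PinGuard:
    """Keeps a salted PBKDF2 verifier (never the PIN) and locks after repeated failures."""

    def __init__(self, pin: str, iterations: int = 200_000, max_attempts: int = 5):
        self.salt = os.urandom(16)          # constructed per enrolment
        self.iterations = iterations
        self.max_attempts = max_attempts
        self.failures = 0
        self.verifier = derive_key(pin, self.salt, iterations)

    @property
    def locked(self) -> bool:
        return self.failures >= self.max_attempts

    def verify(self, pin: str) -> bool:
        if self.locked:
            return False  # no further guesses, right or wrong, until re-enrolment
        candidate = derive_key(pin, self.salt, self.iterations)
        if hmac.compare_digest(candidate, self.verifier):
            self.failures = 0
            return True
        self.failures += 1
        return False


if __name__ == "__main__":
    space = pin_keyspace(8)
    implied = space / (15 * 60)  # rate implied by "every PIN in 15 minutes"
    print(f"keyspace {space:,}; implied rate {implied:,.0f} guesses/s")
    for cost in (1, 200_000):
        rate = measured_guess_rate(cost)
        hours = seconds_to_exhaust(space, rate) / 3600
        print(f"{cost:>7} iterations: ~{rate:,.0f} guesses/s, ~{hours:,.1f} h on one core")
```

Two caveats a reviewer would raise. The lockout in `PinGuard` only helps while the check runs inside the app; if the encrypted data and verifier are copied off the device, the attacker runs the search offline and only the derivation cost slows them, which is why a hardware-backed key (on Android, a key that never leaves the keystore and is merely unlocked by the PIN) is the usual answer rather than deriving the data key from the PIN alone. And the lockout is only as trustworthy as the device’s tamper protections, which ties back to the Zimperium finding above.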

Moreover, the report found that the app doesn’t have security controls to prevent unattended Android devices from being compromised. Sensitive API credentials were stored in git repositories, which means anyone in the company with access to the code — perhaps even subcontractors — could use or abuse secret keys exposed in the repositories.
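The standard control against credentials landing in a repository is a scan that runs before a commit is accepted (and periodically over history), followed by rotation of anything it finds. Here is an added example of such a check, not code from Voatz or the audit: it flags assignments of long, high-entropy values to credential-looking names and any PEM private-key block, while skipping low-entropy placeholders so it does not fire on every template. The keyword list, the entropy threshold and the sample file are constructed.

```python
"""Pre-commit style scan for credentials in files entering a repository (added example)."""
import math
import re
from collections import Counter

# Assignment of a long token-like value to a credential-looking name.
ASSIGNMENT = re.compile(
    r"(?i)(api[_-]?key|secret|token|password|private[_-]?key)"
    r"\s*[:=]\s*['\"]?([A-Za-z0-9+/=_\-]{16,})"
)
# A PEM private-key block is a finding regardless of entropy.
PEM_PRIVATE = re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")


def shannon_entropy(s: str) -> float:
    """Bits per character; random tokens score high, placeholders score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_text(text: str, min_entropy: float = 3.5):
    """Return [(line_number, label)] for lines that look like leaked secrets."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if PEM_PRIVATE.search(line):
            findings.append((lineno, "pem-private-key"))
            continue
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) >= min_entropy:
            findings.append((lineno, m.group(1).lower()))
    return findings


# Constructed sample file; none of these values belong to any real system.
SAMPLE = """\
# constructed sample config, not from any real repository
db_host = "db.internal.example"
api_key = "q7Xk2mP9vL4nR8tB3wZ6yH1jC5fA0dG"
password = "REPLACE_ME_REPLACE_ME"
export SESSION_TOKEN=Zp3xV8qN1rT6mK4bL9cW2yF5hJ7dS0gA
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for lineno, label in scan_text(SAMPLE):
        print(f"line {lineno}: possible {label}")
```

On the sample this reports lines 3, 5 and 6 and stays quiet on the `REPLACE_ME` placeholder. A scan like this belongs in CI as well as in a local hook, since a hook can be skipped; and once a credential has been committed, removing it from the tree is not enough, because it remains in history for everyone who has cloned the repository, which is exactly the subcontractor exposure the report describes. Rotation is the only fix for a value that has already leaked.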

Voatz employees with admin access can look up specific voters’ ballots. Voatz uses an ad hoc cryptographic handshake protocol, which is generally not recommended — as homemade cryptography is prone to bugs, and it’s best to use encryption schemes that have been studied by researchers and tested out in the real world. The SSL (Secure Sockets Layer) wasn’t configured in an entirely secure way, missing a key feature that helps clients identify when a TLS (Transport Layer Security) certificate is revoked.

In one instance, Voatz even cut and pasted a key and initialization vector from a Stack Overflow answer. Cutting and pasting code is generally discouraged, even in college-level computer security courses, because the quality of information on Stack Overflow varies, and even good code might not work in a particular environment. However, cutting and pasting a key and IV is even worse, because it means that the key and IV used to encrypt the data are identical to something on the internet, even though it isn’t supposed to be public. A Voatz spokesperson said in an email that this was test code for an in-app demo and “was not actually used in any case or transaction.”

Even when summarized, Trail of Bits’ recommendations are eight pages long. Voatz appears to have addressed eight security risks, partially addressed another six, and left 34 unfixed. Usually, companies have a comprehensive plan on how to fix high and medium risks. Indeed, a Voatz spokesperson said in an email, “We take every finding seriously, analyze every finding from a practical perspective, assign the probability of risk and then determine the path forward.”

“If the bug or issue is practically exploitable in a real world scenario conforming to the small scale pilots we’re conducting, then we address them immediately, else they flow in our normal development pipelines subject to priorities.”

Shockingly, Voatz decided it “accepts the risk” of many of these bugs, essentially accepting risk on behalf of the voters rather than making the fixes recommended by the firm it hired.

Tusk Philanthropies, Voatz and Trail of Bits referred Cointelegraph to their separate blog posts about the audit, and Trail of Bits referred to the report itself.

This article has been updated with comments by a Voatz spokesperson.

