国产在线极品-国产在线精品国自产拍-国产在线精品自拍-国产在线精选-国产在线看不卡-国产在线麻豆-国产在线美女-国产在线女主播

Set as Homepage - Add to Favorites

【????? ?????? ????】Enter to watch online.After damning report, a voting app says it’s secure—but experts have questions

Source: Editor:fashion Time:2025-07-05 14:29:35

On Thursday,????? ?????? ???? researchers at MIT published an injurious study about vulnerabilities in a "blockchain-based" voting app called Voatz. They found that malicious attackers could penetrate the app and then view, disrupt transmission, or even alter voters' choices.

Despite the niche nature of the app (it's geared towards overseas and disabled voters) and the technicality of the study, the New York Timespicked up the news; the integrity of electronic voting is on everyone's mind in the wake of the disastrously botched use of a voting app in the Iowa caucus.

Broadcasting the troubling findings in the Timeshas prompted public criticism of the app across the internet, and worry by public officials of its use in elections: One county that was planning to use the app has already decided against doing so in the wake of the report.


You May Also Like

Voatz vehemently objects to the findings of the study, calling out what it sees as serious flaws in the way in which it was conducted. Namely, it says that researchers used an outdated, reverse-engineered, and partially theoretical version of the app and its server infrastructure instead of the real thing. If they had taken advantage of access to the product through Voatz' bug bounty program, Voatz said, the researchers would have found a much more secure system than what the researchers encountered.

Security experts aren't so sure. Even with the alleged shortcomings of the study, experts see it as a valuable contribution to understanding a new facet of democracy and technology with extremely high stakes.

"By no means is it going to be perfect, but it lays out a pretty good claim that we need some more scrutiny of Voatz," Maurice Turner, a deputy director at the Center for Democracy & Technology, told Mashable. "And it’s a good opportunity for Voatz to take another look and share the security research that they’ve already done."

Founded five years ago, Voatz is a platorm that aims to increase voter turnout and assist overseas citizens (like military personnel) with casting ballots. In 2018, it made headlines (including on Mashable) when West Virginia contracted it as the first "blockchain-based" voting app or a small pilot program.

Its introduction to the world was not entirely smooth. It has been criticized for a lack of transparency about how it functions, for structural flaws in its blockchain auditing system, for use of third party software, and for the fact that experts say blockchain is actually not well-suited at all to voting systems. Moreover, it developed a combative relationship with the security community after it reported a University of Michigan security researcher to the FBI as a "malicious actor."

"We've learned that Voatz responds badly to public research attempting to verify their claims of security," Jacob Hoffman-Andrews, a senior staff technologist at the Electronic Frontier Foundation, told Mashable. "Voatz' approach to third-party security testing raises serious questions about whether they should be trusted, over and above the fundamental unsafety of any e-voting scheme."

Mashable Trend Report Decode what’s viral, what’s next, and what it all means. Sign up for Mashable’s weekly Trend Report newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!

All off this led researchers at MIT's Computer Science & Artificial Intelligence Lab to take a deeper dive into Voatz — without the company's knowledge or cooperation. In the introduction to the paper, the researchers specifically cite the Michigan conflict as a reason they didn't engage with the company.

While Turner said he was "surprised" that the researchers neither took advantage of access to the system through the bug bounty program, nor worked with Voatz, he also understands the impetus.

"I’m well aware that Voatz has a mixed reputation amongst security researchers," Turner said. "I could see why there could be some trepidation about engaging with Voatz." However, he also added "It just seems unusual that they wouldn’t have taken an extra step of engaging."

Harri Hursti, a security researcher and co-founder of Nordic Innovation Labs, put it more bluntly. First, Hursti pointed out that there are technical limitations to the bug bounty program that make it not entirely useful for analysis; the researchers also explain their decision not to access the program itself in the paper's discussion.

"Choosing to evaluate this bounty app alone would introduce additional threats to validity, and as the differences between this version and the ones that have been fielded are unclear... Crucially, the bounty does not provide any additional helpful insight into Voatz’s server infrastructure, nor does it provide any source or binary for the API server to test against."

Given Voatz's alleged past behavior and attitude toward researchers, as well as the technical limitations of the bug bounty program, Hursti views the tack the researchers took — of reverse engineering the app, and simulating server communication — as best practices, and their findings as legitimate.

"Voatz has been very hostile towards security research," Hursti said. "The MIT research in my opinion is legitimate. Under these circumstances when the subject of the research is uncooperative, they have done a very good job."

The EFF's Hoffman-Andrews agreed that the MIT research holds up.

"The report is sound," Hoffman-Andrews said. "It relies on common security best practices and reveals some very worrying things about the Voatz app."

Despite recent mainstream worry about voting apps and a legacy of hair-pulling in security about the nightmare of electronic voting, Voatz and other companies are soldiering on. Because of this reality, Turner sees both sides of this story — the app, and the research — as imperative.

"There is definitely a need for continued investment and development, because without that, we can’t actually answer the question 'is this good enough to use in a general election,'" Turner said. "Security researchers are a critical part of that learning and sharing process, which is why overall I appreciate the MIT researches to going to the effort of putting out the report, so vendors like Voatz can incorporate these findings and improve their products."

One can only hope.

0.1512s , 10114.671875 kb

Copyright © 2025 Powered by 【????? ?????? ????】Enter to watch online.After damning report, a voting app says it’s secure—but experts have questions,  

Sitemap

Top 主站蜘蛛池模板: 福利资源在线 | 国产精品大片在线看 | 国产视频综合 | 九九自拍视频 | 精品女同一区二区 | 精品97人| 国产精品欧美日 | 成人午夜激情小 | 精品乱伦中文国产 | 日韩欧美在线综合 | 国产精品视频观看 | 97se国产在线 | 琪琪色好看在线观看 | 日韩午夜电影网 | 欧美性在线观看 | 97久夜色| 奇奇上司妻 | 欧美一级在线做性 | 91视频一区在线 | 九九热在线视频观看 | 日韩午夜剧场人畜 | 91色在线观看| 潘甜甜国产福 | 国产主播日韩欧美 | 国产噜噜亚 | 日韩中文在线播放 | 国产精品日韩精 | 日本高清| 精品一区卡2卡3卡 | 精品视频国产激情 | 片一级二级 | 国产精品视频二区在 | 午夜一级免费视频 | 日本高清www | 午夜日韩在线观看 | 国产色片免费网址 | 国产伦精品一区 | 国产费视频在线观看 | 国产三区视 | 91中文字日产乱幕 | 国产亚洲午夜福 |