Bad actors could tamper with ballots cast via OmniBallot without being detected by voters, election officials or the tool’s developer, a study finds
OmniBallot, a platform approved for online voting in multiple US states, is insecure on multiple levels and is susceptible to various degrees of manipulation, a paper by researchers at the Massachusetts Institute of Technology (MIT) and the University of Michigan has found.
“At worst, attackers could change election outcomes without detection, and even if there was no attack, officials would have no way to prove that the results were accurate. No available technology can adequately mitigate these risks, so we urge jurisdictions not to deploy OmniBallot’s online voting features,” according to Michael Specter and J. Alex Halderman, the researchers behind the report.
The two academics assessed risks connected with three methods of using OmniBallot, an internet voting and ballot delivery system developed by Democracy Live. The methods were blank ballot delivery, online ballot marking, and online ballot return.
Online ballot return was ranked as a severe risk since there is no way for voters to verify that their votes have been delivered unaltered. Furthermore, bad actors could modify the votes in a way that could prove hard to detect by any of the parties involved – voters, officials, or Democracy Live. The researchers also criticized the fact that this method relies heavily on third-party services and infrastructure and cannot achieve software independence.
“We find that OmniBallot uses a simplistic approach to Internet voting that is vulnerable to vote manipulation by malware on the voter’s device and by insiders or other attackers who can compromise Democracy Live, Amazon, Google, or Cloudflare,” sa ..
Support the originator by clicking the read the rest link below.
