"It is clear that from the theoretical nature of the researchers’ approach, the lack of practical evidence backing their claims, their deliberate attempt to remain anonymous prior to publication, and their priority being to find media attention, that the researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion," the company said in its statement.
The researchers dispute many of these assertions, though. They say that they assessed the version of the Voatz app that was available in Google Play in early December and that since then the company has done five, not 27, updates to the app according to Google Play's logs. They add that none of those five sets of update notes include any indication of security or architecture changes that would potentially negate their findings. And the researchers say that whenever they were forced to make assumptions about Voatz's systems in their analysis, they did so as generously as possible.
"We explicitly assume in the paper a very optimistic model of what Voatz’s backend could be doing," Specter, the lead researcher, told WIRED. "Every time we could possibly assume that Voatz could be preventing something we just assumed that they did it and that it’s completely secure. And even in that very strenuous situation we were able to show a number of attacks."
The researchers asked the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency to coordinate an anonymous disclosure process ahead of publication to safeguard against retaliation. Voatz memorably reported a University of Michigan researcher to the Federal Bureau of Investigation for what tur ..
Support the originator by clicking the read the rest link below.
