With this being an election year, two forms of internet voting have been trending in the news: using an app on your mobile device and accessing a ballot box on an internet portal. Several counties and states around the country are planning to institute them. One reason for this is that past elections had low voter turnout, as a lot of younger voters did not participate. Another motivation is to accommodate handicapped persons who aren’t able to travel to polling stations and military personnel who are deployed abroad.
Yet another incentive for mobile voting is the fact that our country’s voting system is broken and does not instill confidence in the election process. Stopping election hacking and election security are top of mind with today’s voters! New ways to safely and securely cast your vote and have it transparently counted are being piloted. Some argue we should go back to paper ballots, but there was the “hanging chad” debacle in Florida. Others want to fix our voting machines, but as numerous Black Hat and DEFCON hacking demonstrations have proven over and over, even with so-called fixes in place, these machines can be easily compromised.
So, what is the solution? First, the greater-Seattle area allowed mobile device users to cast their votes by logging into an Internet portal using a virtual ballot box. Next came Iowa, where precinct officials used an app to collect and report the results of their caucuses to election officials. The Shadow app that was used was an epic fail! Now several states like West Virginia, Oregon, and Washington want to roll out the Voatz voting app to allow their registered voters the option to vote online. The overriding concerns are that these new mobile voting apps are not secure from bad actors, or that votes won’t be counted because voters might not be able to upload their ballots to an internet portal before polls are closed.
I downloaded 10 random voting apps from both the iOS App Store and Google Play Store, and surprisingly, most of them work fine on jailbroken and rooted devices. One app returned a blank page, and another app kept crashing.
There are several phases to ensuring that everyone registered can securely vote and upload a ballot, and that each vote is true and counted! The first step is the app must be inherently secure. This means the software developer must implement a secure software development life cycle process (SDLC). The app must be penetration and stress tested using a protocol fuzzer. Then the app must be beta-tested and deployed to a large sampling of the population and installed on as many mobile devices as humanly possible. The Shadow app used in Iowa was not uploaded to the sanctioned public app stores and did not get properly vetted by Apple or Google. Instead, the caucus app had to be sideloaded onto the mobile device. A sideloaded app is a mobile threat.
Next comes the mobile device. It must be free from any malicious exploit! This means it cannot be jailbroken (iOS/iPadOS devices) or rooted (Android devices). Malware or leaky apps cannot be installed on the device, and the device cannot be connected to an unsecured wireless network (hotel, airport, or coffee shop hotspots) when these votes are being cast. The existence of any device, network, app or phishing exploits on the device means a user’s vote can be potentially modified within the voting app and then uploaded to the internet server. Or the voter’s credentials can be stolen and a bad actor can fraudulently cast votes on behalf of an unknowing victim by logging into the ballot box portal.
The last piece of the puzzle is the security of the internet-facing servers and how these ballots are securely transported to the officials doing the actual counting. The connection between the mobile device and server must be secured using HTTPS, employing the strongest cipher suites in TLS protocol versions 1.2 or 1.3. The ballot box portals should implement high availability and disaster recovery to ensure voters can cast their ballots on time.
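One way to pin the transport requirement above on the client side, as an added example that is not code from any voting app: it assumes "strongest cipher suites" means forward-secret key exchange with AEAD encryption, and the names `ballot_client_context`, `audit` and `audit_context` are hypothetical.

```python
import ssl

# Assumption: the page names no suites, so "strongest" is read here as
# ECDHE key exchange with AES-GCM or ChaCha20-Poly1305 (both AEAD).
POLICY = "ECDHE+AESGCM:ECDHE+CHACHA20"

# Key-exchange labels that give forward secrecy; TLS 1.3 suites report
# "kx-any" because every TLS 1.3 handshake uses ephemeral keys.
FORWARD_SECRET = ("kx-ecdhe", "kx-dhe", "kx-any")


def ballot_client_context():
    """Client context for the app-to-portal connection: TLS 1.2 or 1.3 only."""
    ctx = ssl.create_default_context()  # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(POLICY)  # restricts TLS 1.2 suites; TLS 1.3 suites stay
    return ctx


def audit(min_version, ciphers):
    """Return findings for a protocol floor and a get_ciphers()-style list."""
    findings = []
    if min_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol {min_version.name} is below TLS 1.2")
    for c in ciphers:
        if not c.get("aead"):
            findings.append(f"{c['name']}: not an AEAD cipher")
        if not str(c.get("kea", "")).startswith(FORWARD_SECRET):
            findings.append(f"{c['name']}: no forward secrecy")
    return findings


def audit_context(ctx):
    """Audit a live SSLContext, e.g. in a unit test of the app's network layer."""
    return audit(ctx.minimum_version, ctx.get_ciphers())


if __name__ == "__main__":
    print(audit_context(ballot_client_context()) or "policy satisfied")
    # Constructed sample of a legacy configuration, for comparison.
    legacy = [{"name": "AES128-SHA", "aead": False, "kea": "kx-rsa"}]
    for finding in audit(ssl.TLSVersion.TLSv1, legacy):
        print(finding)
```
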
If the server is cloud-based, then the connection from the cloud data center to the election counting office must use a VPN. Uploaded ballots should be stored in disk-encrypted space using AES 256-bit symmetric keys, preferably in XTS mode, and access to them should require strong credentials like MFA with a privileged user role. The server software and its contents should also be penetration tested frequently by the company’s Red Team, and then validated by a highly reputable external penetration testing company.
The easiest way to have these voting apps analyzed is by using a mobile threat defense solution like MobileIron Threat Defense that implements robust machine learning AI algorithms to analyze an app’s security and privacy risks. Then use a unified endpoint management tool like MobileIron UEM to provision the mobile device with strong identity, apply user permissions, and install properly vetted apps and content. MobileIron UEM and Threat Defense can protect the mobile device and enforce that it remains in a compliant state. This includes providing several layers of security by detecting if a device is jailbroken or rooted. If it is, a compliance action like quarantine or a selective wipe of the work context can be applied on the mobile device.
The video below shows how MobileIron UEM and Threat Defense help fight election fraud by being able to detect that an Android 10 device is rooted with the very sophisticated Magisk systemless rooting technique. Voting apps can be procured before being deployed as a managed app to a mobile device protected by MobileIron. If a device, network, app, or phishing threat is detected on the device, the same voting app can be removed from the device to prevent data loss.