Ensuring your future vote is accurate and counted!

The election is right around the corner. For months we have been discussing the concept of internet voting using an app on your mobile device or accessing a ballot box on an internet portal. There are multiple reasons why this has become an option for consideration, including low young voter turnout, accessibility for handicapped people, military personnel deployed abroad, potential delays in the US Postal Service, and a broken voting system.

Our country’s voting system does not instill confidence in the election process. Election security and stopping election hacking are top of mind with today’s voters! To ensure that everyone can securely vote and upload a ballot and guarantee that each vote is accurate and counted, there are several advancements that are required.

The first step is the app must be inherently secure. This means the software developer must implement a secure software development life cycle process (SDLC). The app must be penetration and stress tested using a protocol fuzzer. Then the app must be beta-tested and deployed to a large sampling of the population and delivered to as many mobile devices as possible.

Next, any mobile device threats must be eliminated. To ensure a mobile device is secure and compliant means validating that the device is not jailbroken (iOS/iPadOS devices) or rooted (Android devices). Malware or leaky apps are not present on the device, and the device is connecting only to trusted Wi-Fi or cellular networks. A non-compliant device, malicious app or phishing attacks on the device means a user’s vote can be potentially modified within the voting app, without the voter’s knowledge, and then uploaded to the internet server. The types of threats could also result in the compromise of the voter’s credentials which could allow a malicious actor to fraudulently cast votes in their name.

So, what’s the solution to ensuring security for mobile applications and eliminating millions of mobile device threats?

The easiest way to protect these voting apps is by deploying a solution like MobileIron Threat Defense (MTD) that implements robust machine learning AI algorithms to analyze an application’s security and privacy risks. MobileIron Unified Endpoint Management (UEM) can also provision any mobile device with strong identity, apply user permissions and install only properly vetted apps and content. Together, MobileIron UEM and MTD can remediate mobile device threats and ensure that the device remains in a compliant state. This includes providing extra layers or security by detecting if a device is jailbroken or rooted. If it is, apply a compliance action like quarantine or selectively removing sensitive content or apps on the mobile device.

We may not be using mobile devices to cast our votes this year, but I think we will see this technique coming to the forefront in years to come. Before we even start to use mobile devices and applications to determine our future, we must ensure they are safe and secure.

Bill Harrod

Bill Harrod

Federal CTO, MobileIron

About the author

Bill Harrod is the Federal CTO at MobileIron. He is an accomplished information security executive and cybersecurity professional with experience managing cybersecurity risk and designing and delivering security solutions to federal agencies and Fortune 500 companies. He is an expert on Federal Identity, Credential and Access Management Architecture (FICAM). Previously, he served as a senior manager at Deloitte and senior principal consultant at CA Technologies.