Blockchain Voting is Vulnerable to Hacking and Low-Quality Data: Research

Published at: Oct. 19, 2019

Nir Kshetri, a professor of management at the University of North Carolina, has suggested that before blockchain-based voting can be considered safe and trustworthy, some major issues must be resolved.

In an article published on Oct. 18, Kshetri claims that “small-scale tests run so far have identified problems and vulnerabilities in the digital systems and government administrative procedures” that must be solved before adopting the technology. 

Hard to audit

Per the report, such systems need to verify voters’ identities — often by analyzing a portrait photo or video with facial recognition software. According to Kshetri, contemporary voting tokens are anonymous and cannot be used to trace anyone’s identity. He also noted that many of the previous tests involved informal ballots such as community projects and student government groups.

Kshetri also voiced concerns that “even experts don’t have a way to identify every possible irregularity in online voting.” On the other hand, he points out that paper-based voting is well-understood and easy to verify and audit.

One major issue is identity verification since various secure keys require large amounts of computing power to verify. Because of this, for instance, the initially assigned keys were found to be easy to hack during the last elections in Moscow.

Experts also fear that devices used to vote could be compromised or that facial recognition systems might make mistakes or get tricked by hackers. Lastly, proprietary systems like the one developed by blockchain voting startup Voatz do not allow to verify whether the votes were cast accurately.

Testing on a small scale

That being said, in November 2018 multiple election officials in the United States allowed members of the military stationed overseas to vote electronically. In the same month, 144 voters living abroad have been approved by West Virginia’s authorities to cast ballots from 31 different countries by means of an app developed by Voatz.

The state reportedly plans to continue and expand the trial in the 2020 presidential election. Also, 119 voters who were overseas used Voatz’s system to vote during Denver’s municipal primary elections in May.

The last — and biggest — example of blockchain voting test provided by the article is the one used at the beginning of September during the city council elections in Moscow. That being said, out of the city’s 20 electoral precincts, only three allowed users to vote via the Internet because of security concerns.

As Cointelegraph reported on Oct. 18, two state counties in the U.S. are implementing blockchain-based mobile voting in the special elections in November.

Tags
Related Posts
Immunefi partners with Binance Smart Chain on bug bounties to secure BSC projects
Immunefi, a security service outfit that specialized in decentralized finance (DeFi) projects, has inked a collaboration with the Binance Smart Chain. According to a release issued on Friday, Immunefi will work in collaboration with BSC to improve the security of projects on the Binance chain. As part of the partnership, ethical hackers who take part in a campaign to discover vulnerabilities in BSC-based projects will earn rewards. As a security outfit, Immunefi has reportedly paid more than $3 million in bug bounties to ethical hackers. Major BSC protocols such as PancakeSwap, DODO, and Zapper among others are already deploying the …
Blockchain / July 9, 2021
Uranium Finance developer suspected of ‘leaking’ information leading to $50M exploit
The $50 million exploit of Uranium Finance, a decentralized finance protocol on Binance Smart Chain, may have been an inside job, according to a member of the project’s development team. The theory was put forward in Uranium Finance’s Telegram channel by a user named “Baymax,” who appears to be listed as an administrator. In a pinned post, Baymax explained that the security flaw leading to the exploit happened just two hours before version 2 of the protocol was launched. The suspicious timing of the exploit narrows down the list of potential perpetrators significantly. Baymax explained: “There are a total of …
Blockchain / April 28, 2021
World Economic Forum Releases Report About Blockchain Cybersecurity
The World Economic Forum (WEF) released a report about blockchain cybersecurity on April 5. The report points out that most data breaches do not result from the level of skill of the hackers, but instead happen because appropriate security measures often are not implemented. The WEF further claims that while attackers do compromise blockchains themselves, they much more often try to exploit or compromise their deployment. The WEF references the data breach of retail giant Target, which lead to both the CEO and chief information officer being fired, also mentioning that the director of the United States Government Office of …
Blockchain / April 8, 2019
Cross-chains in the crosshairs: Hacks call for better defense mechanisms
2022 has been a lucrative year for hackers preying on the nascent Web3 and decentralized finance (DeFi) spaces, with more than $2 billion worth of cryptocurrency fleeced in several high-profile hacks to date. Cross-chain protocols have been particularly hard hit, with Axie Infinity’s $650 million Ronin Bridge hack accounting for a significant portion of stolen funds this year. The pillaging continued into the second half of 2022 as cross-chain platform Nomad saw $190 million drained from wallets. The Solana ecosystem was the next target, with hackers gaining access to private keys of some 8000 wallets that resulted in $5 million …
Blockchain / Aug. 11, 2022
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022