New research from a team of MIT engineers has found an alarming string of vulnerabilities in a leading blockchain voting system called Voatz. After reverse-engineering Voatz’s Android app, the researchers concluded that an attacker who compromised a voter’s phone would able to observe, suppress, and alter votes nearly at will. Network attacks could also reveal where a given user was voting and potentially suppress votes in the process, the paper claims.
Most troubling, researchers say that an attacker who compromised the servers that manage the Voatz API might even be able to alter ballots as they arrive, an alarming threat that distributed ledgers should theoretically protect against.
“Given the severity of failings discussed in this…