BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:8f7524c7-8c66-4187-a810-5cccee183623
DTSTAMP:20260419T194821Z
SUMMARY:The Ballot is Busted Before the Blockchain: A Security Analysis of 
 Voatz\, the First Internet Voting
DESCRIPTION:Title: The Ballot is Busted Before the Blockchain: A Security A
 nalysis of Voatz\, the First Internet Voting Application Used in U.S. Fede
 ral Elections\n\nDescription:\nIn the 2018 midterm elections\, West Virgin
 ia became the first state in the U.S. to allow select voters to cast their
  ballot on a mobile phone via a proprietary app called “Voatz.” Althou
 gh there was no public formal description of Voatz's security model\, the 
 company claimed that election security and integrity were maintained throu
 gh the use of a permissioned blockchain\, biometrics\, a mixnet\, and hard
 ware-backed key storage modules on the user's device. In this work\, we pr
 esent the first public security analysis of Voatz\, based on a reverse eng
 ineering of their Android application and the minimal available documentat
 ion. We performed a cleanroom reimplementation of Voatz's server and prese
 nt an analysis of the election process as visible from the app itself.\n\n
 We find that Voatz has vulnerabilities that allow different kinds of adver
 saries to alter\, stop\, or expose a user's vote\, including a sidechannel
  attack in which a completely passive network adversary can recover a user
 's secret ballot. We additionally find that Voatz has a number of privacy 
 issues stemming from their use of third party services for crucial app fun
 ctionality. Our findings serve as a concrete illustration of the common wi
 sdom against Internet voting\, and of the importance of transparency to th
 e legitimacy of elections.\n\nSpeaker(s): Michael A. Specter\n\nLocation: 
 Voting Vlg\n\nDiscord: https://discord.com/channels/708208267699945503/732
 733881148506164\n\nEvent starts: 2020-08-08 13:30 (01:30 PM) PDT (UTC -07:
 00)\n\nEvent ends: 2020-08-08 14:00 (02:00 PM) PDT (UTC -07:00)\n\nFor the
  most up-to-date information\, please either visit https://info.defcon.org
 \, or use HackerTracker\, which is available for iOS and Android. This is 
 an automated message\, and this data was last modified 2020-08-03T20:08 (U
 TC).
URL:https://forum.defcon.org/node/234402
DTSTART:20200808T213000Z
DTEND:20200808T220001Z
LOCATION:Voting Vlg
END:VEVENT
END:VCALENDAR