Tweet
Since 2018, we have been experimenting with smartphone-app based mobile voting for a very small number of voters across various jurisdictions in the United States. The small-scale nature of these pilots has not prevented attackers and researchers from around the world from attempting to break into the platform at multiple levels. In this paper, we present the significant amount of attack data that has been collected over the past couple of years and an early analysis of the nature of these attack attempts, their lethality, origins, etc. We also present the mitigation measures that have worked and the ones that haven’t. Lastly, we will also dive deeper into a couple of very significant attack attempts and present a detailed analysis of the threat vectors, the attack modality, duration, etc. All this data is being shared in the public domain for the very first time and an anonymized dataset will be available for open downloads. We hope that it will further inform research in this space.