Is your mobile device secure? The democratic process could depend on it.
As the 2020 elections approach, it’s become clear that smartphones and tablets play a vital role in the democratic process. They are critical to campaign activities and have the potential to increase voter turnout and simplify the voting process – especially for those who can’t physically show up to vote. As campaign activities ramp up across the nation and governments ponder remote options for voting, mobile security has become imperative. And it’s not just in 2020 that we have to be concerned about election security. The role and importance of mobile devices in our democratic process will continue to increase into the future.
Mobile devices are already part of our elections
Staffers and candidates now communicate with each other on mobile devices all the time. Campaigns also use them as a primary channel to engage voters. According to Tech for Campaign’s 2018 Political Digital Advertising Report, more than 90 percent of presidential campaigns’ 2018 digital advertisements were delivered to mobile devices. What all this means is that mobile devices are the key to the electoral process and have access to a wealth of sensitive information, including voter location, registration data, donor records – potentially even campaign strategy calls or other confidential conversations.
Beyond campaigns, using mobile devices to make voting easier and encourage turnout has an appeal to many jurisdictions, especially now with COVID-19 making in-person voting more difficult. And the idea is no longer just a concept. Earlier this year, all eligible voters in a Seattle-area county were given the option to cast their ballot via smartphone for one of the local elections. An independent audit released by the National Cybersecurity Center found the election results were accurate with no interference, while the county's voter turnout doubled.
The risks to mobile voting are still high though. Any tampering by malicious actors including nation states, could cast doubt over our democratic system. States like West Virginia, which previously allowed overseas residents to vote via mobile app, discontinued the option after the discovery of exploitable security flaws. Audits have found major vulnerabilities on mobile voting apps, making mail-in ballots seem like a more attractive alternative to in-person voting.
Our democracy depends on everyone keeping their devices secure
Mobile devices are already part of our democratic process. We need to make sure that campaigns and the public understands that keeping their devices secure is vital to the protection of our electoral process.
All mobile users – whether they’re a campaign staffer or a voter – need to be careful when downloading mobile apps and clicking on links delivered in any app. Unlike on a desktop, you could be sent malicious links in a lot more ways than just email, including SMS text, messaging applications and social media apps. On top of that, mobile devices’ smaller form screen and simplified user experience makes it more challenging for users to decipher what is real from fake. In late August, the Democratic National Committee (DNC) even sent out an alert to campaign staffers warning them to watch out for phishing attacks delivered through dating apps.
A compromised mobile device could provide cybercriminals access to account passwords, camera, audio recorder and data stored on the device. There’s been evidence of this type of attack through Monokle, a campaign Lookout discovered that was perpetrated by a Russian hacking group who installed surveillanceware disguised as legitimate apps.
So, what can we do?
As a society, we have to be vigilant. 2020 will not be the only elections where phones and tablets are used. Mobile devices will continue to become more prominent to our electoral process, each subsequent election.
First, we need to educate the public to understand how mobile devices could be used to compromise their personal lives and the electoral process. Specifically, the challenges they will face, contrasting with desktop computers, which a lot of them are more familiar with.
We also need to ensure that security is in place to detect and protect mobile devices from phishing attacks and malicious apps. Organizations like Defending Digital Campaigns (DDC), a non-profit with the goal of ensuring that campaigns are secure, offer free or low-cost security solutions and training to campaigns. Lookout is providing affordable mobile security as part of DDC’s efforts.
U.S. adversaries are turning their attention away from hardened email security systems and toward softer mobile targets. The sensitive information within a campaign and the opportunity to inform misinformation campaigns makes them prime targets for mobile attacks. Ready to learn more about how Lookout can protect your campaign from harmful mobile attacks? Contact us.