
A smartphone app that’s expected to be widely used by athletes and others attending next month’s Winter Games in Beijing has glaring security problems that could expose sensitive data to interception, according to a report published Tuesday.
Citizen Lab, an internet watchdog group, said in its report the MY2022 app has seriously flawed encryption that would make users’ sensitive data — and any other data communicated through it — vulnerable to being hacked. Other important user data on the app wasn’t encrypted at all, the report found.
That means the data could be read by Chinese internet service providers or telecommunications companies through Wi-Fi hotspots at hotels, airports and Olympic venues.
The Citizen Lab report said the app was mandatory for attendees of the games, and the International Olympic Committee’s official guidance instructs attendees to download the app before they come to China. But the IOC issued a statement Tuesday saying the smartphone app was not compulsory.
The IOC also pushed back against Citizen Lab’s report, saying two independent cybersecurity testing organizations had found no critical vulnerabilities with the app.
China is requiring all international Olympic attendees — including coaches and journalists — to log into a health monitoring system at least 14 days before their departure. They can use the app to do so, or can log in through a web browser on a PC. The app allows users to submit required health information on a daily basis and is part of China’s aggressive effort to manage the coronavirus pandemic while hosting the games, which begin Feb. 4. The multipurpose app also includes chat features, file transfers, weather updates, tourism recommendations and GPS navigation.
Citizen Lab’s report comes amid heightened concerns over athletes’ data and privacy. Many countries are advising their athletes not to take their normal smartphones to China, but instead to bring temporary — or burner — phones that do not store any sensitive personal data, according to news reports.
The U.S. Olympic & Paralympic Committee issued an advisory to athletes telling them to “assume that every device and every communication, transaction, and online activity will be monitored.”
“There should be no expectation of data security or privacy while operating in China,” the advisory said.
China has a well-documented history of conducting muscular surveillance of its citizens and aggressive cyber-spying on others. But Citizen Lab said there was no evidence that the easily discoverable security flaws in the MY2022 app were placed intentionally by the Chinese government. For one, much of the sensitive health information held on the app is required to be submitted directly to authorities on health customs forms, the report said.
Citizen Lab said the security vulnerabilities found in the MY2022 app are similar to those found in popular Chinese web browsers and noted that “insufficient protection of user data is endemic to the Chinese app ecosystem.”
“In light of previous work analyzing popular Chinese apps, our findings concerning MY2022 are, while concerning, not surprising,” the report said.
Citizen Lab said it reported the security issues to the Beijing Organizing Committee last month but did not receive a response. The report also said the app’s security flaws could run afoul of Apple’s and Google’s policies for software used on iPhones and Android devices. The two companies did not immediately return a request for comment.
The Android version of the MY2022 app contained a list named “illegalwords.txt” with 2,442 keywords, including some that could be politically sensitive and relate to China’s actions toward Tibet and the Uyghur ethnic group.
The report said that, despite being bundled with the app, the list does not appear to function. The Chinese government has long required tech companies to censor content and keywords deemed politically sensitive or inappropriate.
/Associated Press/