Chinese Olympic app has serious security flaws, says report

Spread the love

A smartphone app that’s expected to be widely used by athletes and others attending next month’s Winter Games in Beijing has glaring security problems that could expose sensitive data to interception, according to a report published Tuesday.

Citizen Lab, an internet watchdog group, said in its report the MY2022 app has seriously flawed encryption that would make users’ sensitive data and any other data communicated through it vulnerable to being hacked. Other important user data on the app wasn’t encrypted at all, the report found.

That means the data could be read by Chinese internet service providers or telecommunications companies through Wi-Fi hotspots at hotels, airports and Olympic venues.

The Citizen Lab report said the app was mandatory for attendees of the games, and the International Olympic Committee’s official guidance instructs attendees to download the app before they come to China. But the IOC issued a statement Tuesday saying the smartphone app was not compulsory.

The IOC also pushed back against Citizen Lab report, saying two independent cybersecurity testing organizations had found no critical vulnerabilities with the app.

China is requiring all international Olympic attendees including coaches and journalists to log into a health monitoring system at least 14 days before their departure. They can use the app to do so, or can log in through a web browser on a PC. The app allows users to submit required health information on a daily basis and is part of China’s aggressive effort to manage the coronavirus pandemic while hosting the games, which begin Feb. 4.

The multipurpose app also includes chat features, file transfers, weather updates, tourism recommendations and GPS navigation.

 


Spread the love