Olympics-China’s Olympics app has security flaws, researchers say

© Reuters. A woman takes photos in front of the Beijing 2022 installation near the closed-loop “bubble” around the venues for the Beijing 2022 Winter Olympics in Beijing, China, on January 18, 2022. REUTERS/Thomas Peter

(Reuters) – According to a report released Tuesday by Canadian researchers https:// .

The MY2022 app was built by the BOCOG to track and share medical information related to COVID-19 among athletes during the Olympic Games.

MY2022 failed to properly encrypt the transmission of personal data, making it vulnerable to hacking, researchers from the Citizen Lab project in Toronto said. They also found that MY2022’s privacy policy did not specify which organisations it would share user information with.

The International Olympic Committee (IOC) said it had conducted an independent assessment of the application and found no “serious loopholes”.

“The installation of ‘My 2022’ on mobile phones is not mandatory,” the IOC said in a statement.

Yu Hong, director of the committee’s technology department, said on Wednesday that the app’s main function is to monitor people’s health and that the country complies with strict data protection regulations.

All technical aspects of the MY2022 app have been verified by relevant app stores, Beijing 2022 officials said at a briefing hosted by the Chinese embassy in the United States. She spoke via video from Beijing.

Yu also said that technical loopholes are natural when developing such applications, and her department is constantly updating to eliminate such problems.

Citizen Lab researchers said they discovered the flaw after creating an account in the iOS version of the app. They were unable to set up accounts in the Android version, but said both versions of MY2022 had security holes.

The report said that MY2022 failed to verify SSL certificates, a check that is required to confirm the identity of the website the app is talking to and to set up a trustworthy encrypted connection. Hackers can exploit this to get the app to transmit data to malicious sites.

Unencrypted data is transmitted from MY2022 to “tmail.beijing2022.cn”.

“This data can be read by any passive eavesdropper, such as a person within range of an unsecured WiFi access point, someone operating a WiFi hotspot, an internet service provider or other telecommunications company,” the report said.

Citizen Lab said it notified the Beijing Winter Olympics organizing committee of its security concerns on Dec. 3, but has yet to receive a response.

The Winter Olympics are scheduled to open on February 4. Several countries, including the United States, Britain, Japan and Australia, have announced diplomatic boycotts of the Winter Olympics over concerns about human rights in China.
