50% Off! Beat the market in 2025 with InvestingProCLAIM SALE

Olympics-China's Games app has security flaws, researchers say

Published 01/19/2022, 12:52 AM
Updated 01/19/2022, 01:05 AM
© Reuters. A woman has her picture taken in front of a Beijing 2022 installation near the closed loop "bubble" surrounding venues of the Beijing 2022 Winter Olympics in Beijing, China, January 18, 2022.   REUTERS/Thomas Peter

(Reuters) -A smartphone app built by China to monitor the health of attendees at the Beijing Winter Olympics next month contains security flaws that makes it vulnerable to privacy breaches and hackers, according to a report https:// released by Canadian researchers on Tuesday.

The MY2022 app was built by the Beijing Organising Committee mainly to track and share COVID-19-related medical information among the athletes during the Games.

Researchers with Toronto's Citizen Lab project said MY2022 failed to properly encrypt the transfer of personal data, leaving it vulnerable to hackers. They also found that MY2022's privacy policy does not specify which organisations it would share the users' information with.

The International Olympic Committee (IOC) said it had conducted independent assessments on the application and had not found any "critical vulnerabilities".

"It is not compulsory to install 'My 2022' on cell phones," the IOC said in a statement.

Yu Hong, the director general of the committee's technology department, said on Wednesday that the main function of the app is to monitor people's health and the country follows strict rules to protect data.

All of the MY2022 app's technology aspects have been validated by relevant app stores, the Beijing 2022 official said at a briefing hosted by the Chinese embassy in the United States. She was speaking via video from Beijing.

Yu also said that technology vulnerabilities were natural when developing this kind of an app, which her department was constantly updating in order to remove such issues.

The Citizen Lab researchers said they found the flaws in the iOS version of the app after creating an account in it. They were unable to set up an account in the Android version but said the security flaws existed in both versions of MY2022.

The report said MY2022 failed to validate SSL certificates, which are needed to authenticate a website's identity and enable encrypted connection. This can be exploited by hackers to transmit the data to malicious sites.

Non-encrypted data is transmitted to "tmail.beijing2022.cn" by MY2022.

"Such data can be read by any passive eavesdropper, such as someone in range of an unsecured WiFi access point, someone operating a WiFi hotspot, or an Internet Service Provider or other telecommunications company," the report said.

© Reuters. A woman has her picture taken in front of a Beijing 2022 installation near the closed loop

Citizen Lab said it had informed the Beijing Winter Olympics Organising Committee on Dec. 3 of its security concerns but had not received any response.

The Winter Olympics are set to begin on Feb. 4. Several countries including the United States, Britain, Japan and Australia have announced diplomatic boycotts of the Games over concerns about human rights in China.

Latest comments

Risk Disclosure: Trading in financial instruments and/or cryptocurrencies involves high risks including the risk of losing some, or all, of your investment amount, and may not be suitable for all investors. Prices of cryptocurrencies are extremely volatile and may be affected by external factors such as financial, regulatory or political events. Trading on margin increases the financial risks.
Before deciding to trade in financial instrument or cryptocurrencies you should be fully informed of the risks and costs associated with trading the financial markets, carefully consider your investment objectives, level of experience, and risk appetite, and seek professional advice where needed.
Fusion Media would like to remind you that the data contained in this website is not necessarily real-time nor accurate. The data and prices on the website are not necessarily provided by any market or exchange, but may be provided by market makers, and so prices may not be accurate and may differ from the actual price at any given market, meaning prices are indicative and not appropriate for trading purposes. Fusion Media and any provider of the data contained in this website will not accept liability for any loss or damage as a result of your trading, or your reliance on the information contained within this website.
It is prohibited to use, store, reproduce, display, modify, transmit or distribute the data contained in this website without the explicit prior written permission of Fusion Media and/or the data provider. All intellectual property rights are reserved by the providers and/or the exchange providing the data contained in this website.
Fusion Media may be compensated by the advertisers that appear on the website, based on your interaction with the advertisements or advertisers.
© 2007-2024 - Fusion Media Limited. All Rights Reserved.