Beijing Olympics App Has Security Flaws, Cyber Group Claims

WASHINGTON (Sputnik) - The Beijing Winter Olympics app, dubbed My2022, and mandated for use by all Games attendees, has security flaws that may result in data breaches, Canadian cybersecurity group Citizen Lab warned on Tuesday.
Sputnik
"MY2022 ... has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users," the group said in its press release.
It noted that the app is "straightforward" about the types of information it collects from users.
"However, as the app collects a range of highly sensitive medical information, it is unclear with whom or which organization(s) it shares this information," the group added.
The application also has features that allow its users to report "politically sensitive" content.
"The app also includes a censorship keyword list, which, while presently inactive, targets a variety of political topics including domestic issues such as Xinjiang and Tibet as well as references to Chinese government agencies," the group concluded.
Last week media outlets reported that the Netherlands, the United States and a number of other Western countries warned their athletes of cybersecurity concerns during the 2022 Winter Olympics in Beijing, and urged them to use disposable phones, or to use virtual private networks (VPNs) and to delete all personal data from gadgets.
Earlier on Tuesday, Chinese Foreign Ministry spokesman Zhao Lijian dismissed the claims as unjustified speculations.
The 2022 Winter Olympics will be held in Beijing from 4-20 February.
Discuss