Business News

Olympics-China Games application has security flaws, researchers tell Reuters

[ad_1]

© Reuters. A woman has been photographed in front of a Beijing 2022 facility near the “bubble” of the closed loop of the 2022 Winter Olympics in Beijing on January 18, 2022 in Beijing, China. REUTERS / Thomas Peter

(Reuters) – A Chinese-built phone app to monitor China’s health at Beijing Winter Olympics next month has security flaws that make it vulnerable to privacy breaches and hacking, according to a https: // report released by Canadian investigators on Tuesday. .

The MY2022 app was built by the Beijing Organizing Committee primarily to track and share medical information related to COVID-19 among athletes during the Games.

Researchers at the Citizen Lab project in Toronto said that MY2022 did not properly encrypt the transfer of personal data, leaving it vulnerable to hackers. They also found that MY2022’s privacy policy does not specify which organization would share user information with.

The International Olympic Committee (IOC) said it had conducted independent evaluations of the application and found no “critical vulnerabilities”.

“It is not mandatory to install‘ My 2022 ’on mobile phones,” the IOC said in a statement.

Yu Hong, the commission’s chief technology officer, said Wednesday that the main function of the app is to monitor people’s health and that the country complies with strict data protection rules.

All aspects of the MY2022 app have been validated by major app stores, the head of Beijing 2022 said at a conference hosted by the Chinese embassy in the United States. He was talking on video from Beijing.

Yu also said that the weaknesses in technology were natural in the development of this type of application, that his department was constantly updating it to eliminate these problems.

Researchers at Citizen Lab said they found bugs in the iOS version of the app after creating an account there. They were unable to set up an account on the Android version, but said security flaws were present in both versions of MY2022.

The report said that MY2022 was unable to validate the SSL certificates required to authenticate a website’s identity and enable encrypted connection. This can be exploited by hackers to transmit data to malicious sites.

The encrypted data is sent to “tmail.beijing2022.cn” for MY2022.

“Any passive listener can read this data, such as someone in the area of ​​a secure WiFi hotspot, someone operating a WiFi hotspot, or an Internet service provider or other telecommunications company,” the report says.

Citizen Lab said it had reported security concerns to the Beijing Winter Olympics Organizing Committee on Dec. 3, but had received no response.

The Winter Olympics begin on February 4th. Several countries, including the United States, Britain, Japan and Australia, have announced a diplomatic boycott of China over human rights concerns.

Note: Fusion Media Please note that the data contained on this website may not be real-time or accurate. All CFDs (stocks, indices, futures) and Forex prices are not provided by exchanges, but by creative markets, so they may not be accurate and different from actual market prices, which are indicative and not suitable for trading purposes. Therefore, Fusion Media assumes no responsibility for any commercial losses you may suffer as a result of your use of this data.

Fusion Media or anyone involved with Fusion Media will not be held liable for any loss or damage as a result of relying on the information contained in the data, estimates, charts and buy / sell signals contained on this website. Please be informed that one of the most risky forms of investment possible is the full information on the risks and costs associated with trading in the financial markets.

[ad_2]

Source link

Related Articles

Back to top button