Mandatory Chinese Olympics app has ‘devastating’ encryption flaw: analyst

All those attending the Olympics in Beijing have to download MY2022, an app China says is to monitor Covid, but which analysts warn has "devastating" security flaws - Copyright Indonesian Presidential Palace/AFP HANDOUT

An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.

The “simple but devastating flaw” in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China’s capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.

Citizen Lab notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

“China has a history of undermining encryption technology to perform political censorship and surveillance,” Knockel wrote. 

“As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence,” he continued, adding that “the case for the Chinese government sabotaging MY2022’s encryption is problematic.”

The flaws affect SSL certificates, which allow online entities to communicate securely. In one case, MY2022 doesn’t authenticate SSL certificates, meaning other parties could access the app’s data, while in another, data is transmitted without the encryption that SSL usually provides.
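
As an added illustration that is not part of the AFP report or Citizen Lab's analysis, the Python example below audits a client's connection settings for the two flaw classes described above: TLS connections that skip certificate authentication, and data sent with no TLS at all. The endpoint URLs, finding labels and function names are constructed for the example.

```python
import ssl
from urllib.parse import urlsplit

def strict_context():
    """Default client context: certificate chain and hostname are both verified."""
    return ssl.create_default_context()

def weak_context():
    """Context that accepts any certificate (the misconfiguration being audited)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE     # server certificate is never authenticated
    return ctx

def audit_endpoint(url, ctx):
    """Return a list of findings for one endpoint and the SSLContext used for it."""
    if urlsplit(url).scheme.lower() not in ("https", "wss"):
        return ["plaintext-transport"]  # no TLS at all; ctx is irrelevant
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate-not-authenticated")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    return findings

# Constructed sample inventory (hypothetical hosts, not taken from the app).
ENDPOINTS = [
    ("https://health.example.invalid/form", weak_context()),
    ("http://media.example.invalid/voice", None),
    ("https://api.example.invalid/login", strict_context()),
]

def audit_all(endpoints=ENDPOINTS):
    """Map each URL to its findings; an empty list means both checks passed."""
    return {url: audit_endpoint(url, ctx) for url, ctx in endpoints}

if __name__ == "__main__":
    for url, findings in audit_all().items():
        print(url, "->", findings or "ok")
```
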

Knockel said that while the app is transparent about medical information it collects as part of China’s efforts to screen Covid-19 cases, “it is unclear with whom or which organization(s) it shares this information.”

MY2022 also contains a list called “illegalwords.txt” of “politically sensitive” phrases in China, many of which relate to China’s political situation or its Tibetan and Uighur Muslim minorities.

These include keywords like “CCP evil” and Xi Jinping, China’s president, though Knockel said it was unclear if the list was being actively used for censorship purposes.

Because of these features, the app may violate both Google and Apple policies around smartphone software, and “also China’s own laws and national standards pertaining to privacy protection, providing potential avenues for future redress,” he wrote.

Written by AFP
