The Fort Worth Press - Beijing Olympics organisers say app security flaws 'fixed'

USD -
AED 3.672504
AFN 65.000368
ALL 82.125815
AMD 366.589327
ANG 1.790403
AOA 917.000367
ARS 1489.046535
AUD 1.43575
AWG 1.8
AZN 1.70397
BAM 1.712385
BBD 2.016198
BDT 123.381342
BGN 1.69088
BHD 0.377446
BIF 2978.067679
BMD 1
BND 1.292212
BOB 6.923833
BRL 5.111404
BSD 1.001007
BTN 95.359629
BWP 13.538502
BYN 2.861533
BYR 19600
BZD 2.013308
CAD 1.41735
CDF 2258.000362
CHF 0.808342
CLF 0.023592
CLP 928.512017
CNY 6.77695
CNH 6.782275
COP 3294.663573
CRC 455.36926
CUC 1
CUP 26.5
CVE 96.54161
CZK 21.248804
DJF 178.260299
DKK 6.548975
DOP 58.783873
DZD 133.256578
EGP 49.625706
ERN 15
ETB 160.578558
EUR 0.875804
FJD 2.233204
FKP 0.745078
GBP 0.746185
GEL 2.64504
GGP 0.745078
GHS 11.476601
GIP 0.745078
GMD 73.503851
GNF 8779.932583
GTQ 7.638226
GYD 209.403318
HKD 7.83915
HNL 26.799457
HRK 6.600504
HTG 131.007311
HUF 311.790388
IDR 18080.55
ILS 3.010904
IMP 0.745078
INR 95.330504
IQD 1311.38642
IRR 1374750.000352
ISK 125.640386
JEP 0.745078
JMD 158.166616
JOD 0.70904
JPY 161.66504
KES 129.387559
KGS 87.448804
KHR 4035.371886
KMF 432.00035
KPW 900.00035
KRW 1499.070383
KWD 0.30956
KYD 0.834216
KZT 471.916999
LAK 22573.217178
LBP 89643.129186
LKR 335.849057
LRD 181.788732
LSL 16.304951
LTL 2.95274
LVL 0.60489
LYD 6.411592
MAD 9.351311
MDL 17.593136
MGA 4291.905617
MKD 53.968393
MMK 2099.567367
MNT 3586.200235
MOP 8.082914
MRU 39.881802
MUR 47.080378
MVR 15.450378
MWK 1735.849057
MXN 17.468404
MYR 4.070377
MZN 63.903729
NAD 16.304951
NGN 1377.920377
NIO 36.834041
NOK 9.782604
NPR 152.575406
NZD 1.727265
OMR 0.384617
PAB 1.001007
PEN 3.400604
PGK 4.468765
PHP 61.447038
PKR 278.263976
PLN 3.79005
PYG 6085.890645
QAR 3.649433
RON 4.587104
RSD 102.77109
RUB 76.636169
RWF 1470.559909
SAR 3.758206
SBD 8.048583
SCR 14.56525
SDG 600.503676
SEK 9.714225
SGD 1.292804
SHP 0.746601
SLE 24.350371
SLL 20969.503664
SOS 572.078974
SRD 37.610504
STD 20697.981008
STN 21.450773
SVC 8.75892
SYP 110.532098
SZL 16.302587
THB 33.288038
TJS 9.264632
TMT 3.5
TND 2.958981
TOP 2.40776
TRY 46.984504
TTD 6.801208
TWD 32.113504
TZS 2630.214945
UAH 44.533818
UGX 3683.404106
UYU 40.362474
UZS 12090.355908
VES 708.806404
VND 26267.5
VUV 120.293183
WST 2.760951
XAF 574.317734
XAG 0.016706
XAU 0.000243
XCD 2.70255
XCG 1.804141
XDR 0.714267
XOF 574.317734
XPF 104.417108
YER 237.075037
ZAR 16.316875
ZMK 9001.203584
ZMW 18.04404
ZWL 321.999592
  • CMSC

    0.0650

    22.085

    +0.29%

  • CMSD

    0.0700

    22.38

    +0.31%

  • BTI

    -0.0151

    60.02

    -0.03%

  • GSK

    0.3100

    52.78

    +0.59%

  • RIO

    1.0500

    90.54

    +1.16%

  • BCE

    0.0600

    21.38

    +0.28%

  • BP

    0.6500

    39.2

    +1.66%

  • NGG

    0.2700

    82.59

    +0.33%

  • RELX

    0.3700

    32.44

    +1.14%

  • RBGPF

    0.3500

    67.35

    +0.52%

  • JRI

    -0.0200

    13.01

    -0.15%

  • AZN

    -6.8800

    171.61

    -4.01%

  • VOD

    1.6400

    14.72

    +11.14%

  • BCC

    3.8200

    76.06

    +5.02%

  • RYCEF

    0.3800

    19.46

    +1.95%

Beijing Olympics organisers say app security flaws 'fixed'
Beijing Olympics organisers say app security flaws 'fixed'

Beijing Olympics organisers say app security flaws 'fixed'

An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.

Text size:

Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.

Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.

Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.

Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.

But a senior Chinese Olympic official said any bugs had now been fixed.

"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.

"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."

The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.

Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.

"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.

- Data laws -

Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.

However, Yu said organisers never saw the request because it was sent to an old email address.

China's data security laws require that health and medical data be encrypted during transmission and storage.

The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.

"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.

Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".

But organisers denied ever requesting these functions, and said they have asked the developer to look into it.

They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.

"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.

China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.

In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.

Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.

However, organisers and the Chinese government have dismissed such concerns as unfounded.

"The government will not monitor individuals' phones in any form," Yu said.

The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.

W.Lane--TFWP