The Fort Worth Press - Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst

An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.

The "simple but devastating flaw" in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China's capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.

The International Olympic Committee responded to the report by saying users can disable the app's access to parts of their phones and that assessments from two unnamed cyber security organizations "confirmed that there are no critical vulnerabilities."

"The user is in control over what the... app can access on their device," the committee told AFP, adding that installing it on cellphones isn't required "as accredited personnel can log on to the health monitoring system on the web page instead."

The committee said it had asked Citizen Lab for its report "to understand their concerns better."

Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

"China has a history of undermining encryption technology to perform political censorship and surveillance," Knockel wrote.

"As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence," he continued, adding that "the case for the Chinese government sabotaging MY2022's encryption is problematic."

The flaws affect SSL certificates, which allow online entities to communicate securely.

MY2022 doesn't authenticate SSL certificates, meaning other parties could access the app's data, while data is transmitted without the encryption that SSL normally provides, Knockel wrote.
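To make the two reported weaknesses concrete, the following added example (not code from the app or from the Citizen Lab report) audits a TLS client configuration for missing certificate authentication and for plaintext endpoints. The function names and the `example.test` URLs are hypothetical and constructed for illustration.

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample endpoints (hypothetical, not taken from the app).
ENDPOINTS = [
    "https://health.example.test/report",
    "http://chat.example.test/voice",   # no TLS at all
]


def weak_context() -> ssl.SSLContext:
    """Client context that encrypts but authenticates nobody."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # any certificate, from anyone, is accepted
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Default client context: chain validation plus hostname matching."""
    return ssl.create_default_context()


def audit_client(ctx: ssl.SSLContext, endpoints: list[str]) -> list[str]:
    """Return findings for a client's TLS settings and the URLs it talks to."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    for url in endpoints:
        if urlsplit(url).scheme.lower() != "https":
            findings.append(f"plaintext endpoint: {url}")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_client(ctx, ENDPOINTS))
```

A client that skips both checks still encrypts the connection, but it cannot tell the intended server from any other party presenting a certificate.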

While the app is transparent about the medical information it collects as part of China's efforts to screen Covid-19 cases, he said "it is unclear with whom or which organization(s) it shares this information."

MY2022 also contains a list called "illegalwords.txt" of "politically sensitive" phrases in China, many of which relate to China's political situation or its Tibetan and Uighur Muslim minorities.

These include keywords like "CCP evil" and Xi Jinping, China's president, though Knockel said it was unclear if the list was being actively used for censorship purposes.

Because of these features, the app may violate both Google and Apple policies around smartphone software, and "also China's own laws and national standards pertaining to privacy protection, providing potential avenues for future redress," he wrote.

W.Matthews--TFWP