A smartphone app built by China to monitor the health of attendees at the Beijing Winter Olympic Games next month contains security flaws that make it vulnerable to privacy breaches and hackers, a report released on Tuesday by Canadian researchers said.
The MY2022 app was built by the Beijing Organizing Committee to track and share virus-related medical information among the athletes during the Games.
Researchers with Toronto’s Citizen Lab project said that MY2022 failed to properly encrypt the transfer of personal data, leaving it vulnerable to hackers.
They also found that MY2022’s privacy policy does not specify with which organizations it shares the users’ information.
The International Olympic Committee (IOC) said that it had conducted independent assessments on the application and had not found any “critical vulnerabilities.”
“It is not compulsory to install ‘My 2022’ on cellphones,” the IOC said in a statement.
Yu Hong, director-general of the Beijing Organizing Committee’s technology department, yesterday said that the main function of the app is to monitor people’s health and the country follows strict rules to protect data.
All of the MY2022 app’s technology aspects have been validated by relevant app stores, Yu told a briefing hosted by China’s embassy in the US via video link from Beijing.
Technology vulnerabilities are normal when developing this kind of app, Yu said, adding that her department is constantly updating the app to remove issues.
The Citizen Lab researchers said they found the flaws in the iOS version of the app after creating an account on it.
They were unable to set up an account on the Android version, but said the security flaws existed in both MY2022 versions.
The app failed to validate SSL certificates, which are needed to authenticate a Web site’s identity and enable encrypted connections, they said, adding that this can be exploited by hackers to transmit the data to malicious sites.
“Such data can be read by any passive eavesdropper, such as someone in range of an unsecured Wi-Fi access point, someone operating a Wi-Fi hotspot, or an Internet service provider or other telecommunications company,” they said.
Citizen Lab said it had informed the Beijing Organizing Committee on Dec. 3, but had received no reply.
When Paddy Dwyer arrived in China in 1976, crowds jostled to catch a glimpse of him and his companions — the first Western soccer team to play in the country. China was emerging from the chaos of the Cultural Revolution, and on the brink of market reforms that would take the country from economic stagnation to explosive growth. “All we could see was lines of people running beside our bus, trying to look in the windows, to see their first visual of a white person,” he said. “It was all bicycles,” he said. “There were very few cars to be seen.” Dwyer,
A new NZ$683 million (US$404 million) stadium that was a symbol of Christchurch’s struggle to rebuild after a deadly earthquake struck the New Zealand city is to host its first match tomorrow in front of a sellout crowd. A magnitude 6.2 earthquake killed 185 people in February 2011 and toppled or damaged buildings, including the city’s old Lancaster Park. The stadium, which hosted international rugby and cricket, and was home to the Canterbury Crusaders, was badly damaged and never reopened. It was bulldozed in 2019 and turned into sports fields, leaving the Crusaders without a permanent home. Government funding for a new stadium was
Some of Clearlake Capital Group’s largest investors are growing increasingly concerned about how much time the company’s co-founders are spending on sports investments as they have struggled to complete the fundraising for the private equity firm’s latest flagship fund. One of Clearlake’s co-founders, Behdad Eghbali, has been spending what some investors described as a disproportionate amount of time on the firm’s investment in Chelsea Football Club in recent months. Now, co-founder Jose E. Feliciano and his wife, Kwanza Jones, are nearing a record US$3.9 billion deal to acquire the San Diego Padres. That personal investment by Feliciano has set off the latest
The Philadelphia Flyers and the Pittsburg Penguins on Wednesday put a squeeze on the penalty box in Game 3 of their NHL playoff series — with 11 players cramped inside their designated punishment areas. Each could have snapped a team photo after a melee broke out in the second period of the Flyers’ 5-2 win over the Penguins in their Eastern Conference first-round series. “It was a party in there,” penalized Flyers defenseman Nick Seeler said. The celebration extended into the joyous locker room after the Flyers took a 3-0 series lead. Penguins forward Bryan Rust slammed Travis Konecny to the ice behind the
RSS