The Fort Worth Press - Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst

An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.

The "simple but devastating flaw" in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China's capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.

The International Olympic Committee responded to the report by saying users can disable the app's access to parts of their phones and that assessments from two unnamed cyber security organizations "confirmed that there are no critical vulnerabilities."

"The user is in control over what the... app can access on their device," the committee told AFP, adding that installing it on cellphones isn't required "as accredited personnel can log on to the health monitoring system on the web page instead."

The committee said it had asked Citizen Lab for its report "to understand their concerns better."

Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

"China has a history of undermining encryption technology to perform political censorship and surveillance," Knockel wrote.

"As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence," he continued, adding that "the case for the Chinese government sabotaging MY2022's encryption is problematic."

The flaws affect SSL certificates, which allow online entities to communicate securely.

MY2022 doesn't authenticate SSL certificates, meaning other parties could access the app's data, while data is transmitted without the encryption that SSL normally provides, Knockel wrote.

While the app is transparent about the medical information it collects as part of China's efforts to screen Covid-19 cases, he said "it is unclear with whom or which organization(s) it shares this information."

MY2022 also contains a list called "illegalwords.txt" of "politically sensitive" phrases in China, many of which relate to China's political situation or its Tibetan and Uighur Muslim minorities.

These include keywords like "CCP evil" and Xi Jinping, China's president, though Knockel said it was unclear if the list was being actively used for censorship purposes.

Because of these features, the app may violate both Google and Apple policies around smartphone software, and "also China's own laws and national standards pertaining to privacy protection, providing potential avenues for future redress," he wrote.

W.Matthews--TFWP