Sign In

Communications of the ACM

ACM TechNews

Security Flaws Seen in China's Mandatory Olympics App for Athletes

View as: Print Mobile App Share:
A locker room at the Thaiwoo Ski Resort, a host for the 2022 Beijing Winter Olympics, in Zhangjiakou in Hebei Province, China.

The mandatory smartphone app that athletes will use to report health and travel data when they are in China for the Olympics next month has serious encryption flaws, according to a new report.

Cedit: Roman Pilipey/EPA/Shutterstock

Canada's University of Toronto-based cybersecurity watchdog Citizen Lab has detailed encryption flaws in the mandatory smartphone application China created for Winter Olympics athletes.

Portions of the MY2022 app that will transmit coronavirus test results, travel information, and other personal data did not confirm the signature used in encrypted transfers, or failed to encrypt metadata.

The Citizen Lab researchers suspect the flaws are unintentional, since the government will already be receiving data from the app, making in-transit data interception unnecessary.

The Beijing Organizing Committee reportedly has not responded to Citizen Lab's disclosure of the flaws, and a January update has not resolved the issues.

From The New York Times
View Full Article - May Require Paid Subscription


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account