The Prague Post - Beijing Olympics organisers say app security flaws 'fixed'

EUR -
AED 4.311517
AFN 80.459001
ALL 97.861046
AMD 449.221187
ANG 2.100718
AOA 1076.404609
ARS 1470.290435
AUD 1.791892
AWG 2.112899
AZN 2.000281
BAM 1.955013
BBD 2.36186
BDT 142.592634
BGN 1.956686
BHD 0.442465
BIF 3485.327509
BMD 1.173833
BND 1.49851
BOB 8.082783
BRL 6.553268
BSD 1.170034
BTN 100.194118
BWP 15.628646
BYN 3.828176
BYR 23007.121999
BZD 2.349665
CAD 1.604917
CDF 3387.681116
CHF 0.932257
CLF 0.029042
CLP 1114.483409
CNY 8.428413
CNH 8.427867
COP 4721.155341
CRC 589.9727
CUC 1.173833
CUP 31.106568
CVE 110.221126
CZK 24.648254
DJF 208.307083
DKK 7.461233
DOP 70.142976
DZD 152.223833
EGP 58.176561
ERN 17.607491
ETB 162.306368
FJD 2.634901
FKP 0.864841
GBP 0.86252
GEL 3.181417
GGP 0.864841
GHS 12.209078
GIP 0.864841
GMD 83.926443
GNF 10151.089069
GTQ 8.990421
GYD 244.622628
HKD 9.214546
HNL 30.588215
HRK 7.530838
HTG 153.529541
HUF 399.309142
IDR 19041.328036
ILS 3.884618
IMP 0.864841
INR 100.434424
IQD 1532.376982
IRR 49447.704165
ISK 143.407551
JEP 0.864841
JMD 186.993974
JOD 0.83225
JPY 171.616637
KES 151.365347
KGS 102.651416
KHR 4697.150304
KMF 494.183253
KPW 1056.423672
KRW 1612.059556
KWD 0.35849
KYD 0.974804
KZT 606.623365
LAK 25203.752916
LBP 104810.480117
LKR 351.667023
LRD 234.536643
LSL 20.882514
LTL 3.466023
LVL 0.71004
LYD 6.326482
MAD 10.564498
MDL 19.827108
MGA 5177.894824
MKD 61.530165
MMK 2464.470539
MNT 4212.368283
MOP 9.458295
MRU 46.636324
MUR 53.080621
MVR 18.074825
MWK 2028.375324
MXN 21.8418
MYR 4.989986
MZN 75.078902
NAD 20.850323
NGN 1793.616166
NIO 43.04305
NOK 11.834586
NPR 160.312236
NZD 1.953052
OMR 0.451335
PAB 1.169734
PEN 4.152629
PGK 4.907109
PHP 66.216227
PKR 333.957537
PLN 4.242845
PYG 9066.391117
QAR 4.265302
RON 5.073068
RSD 117.164962
RUB 91.794533
RWF 1683.276171
SAR 4.402767
SBD 9.786155
SCR 17.225646
SDG 704.881407
SEK 11.152469
SGD 1.50142
SHP 0.922448
SLE 26.414414
SLL 24614.690259
SOS 668.528197
SRD 43.725855
STD 24295.968071
SVC 10.234839
SYP 15262.325911
SZL 20.849523
THB 38.253444
TJS 11.317395
TMT 4.120153
TND 3.421238
TOP 2.749233
TRY 46.999799
TTD 7.942771
TWD 34.302327
TZS 3084.286863
UAH 48.893221
UGX 4199.328454
USD 1.173833
UYU 47.321164
UZS 14870.01764
VES 133.35479
VND 30639.969489
VUV 140.042854
WST 3.231986
XAF 655.690416
XAG 0.032209
XAU 0.000353
XCD 3.172342
XDR 0.815468
XOF 655.696
XPF 119.331742
YER 283.891327
ZAR 20.844629
ZMK 10565.899751
ZMW 28.454674
ZWL 377.973668
  • CMSC

    0.0900

    22.314

    +0.4%

  • CMSD

    0.0250

    22.285

    +0.11%

  • RBGPF

    0.0000

    69.04

    0%

  • SCS

    0.0400

    10.74

    +0.37%

  • RELX

    0.0300

    53

    +0.06%

  • RIO

    -0.1400

    59.33

    -0.24%

  • GSK

    0.1300

    41.45

    +0.31%

  • NGG

    0.2700

    71.48

    +0.38%

  • BP

    0.1750

    30.4

    +0.58%

  • BTI

    0.7150

    48.215

    +1.48%

  • BCC

    0.7900

    91.02

    +0.87%

  • JRI

    0.0200

    13.13

    +0.15%

  • VOD

    0.0100

    9.85

    +0.1%

  • BCE

    -0.0600

    22.445

    -0.27%

  • RYCEF

    0.1000

    12

    +0.83%

  • AZN

    -0.1200

    73.71

    -0.16%

Beijing Olympics organisers say app security flaws 'fixed'
Beijing Olympics organisers say app security flaws 'fixed'

Beijing Olympics organisers say app security flaws 'fixed'

An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.

Text size:

Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.

Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.

Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.

Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.

But a senior Chinese Olympic official said any bugs had now been fixed.

"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.

"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."

The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.

Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.

"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.

- Data laws -

Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.

However, Yu said organisers never saw the request because it was sent to an old email address.

China's data security laws require that health and medical data be encrypted during transmission and storage.

The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.

"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.

Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".

But organisers denied ever requesting these functions, and said they have asked the developer to look into it.

They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.

"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.

China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.

In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.

Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.

However, organisers and the Chinese government have dismissed such concerns as unfounded.

"The government will not monitor individuals' phones in any form," Yu said.

The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.

L.Hajek--TPP