The Prague Post - Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst

An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.

The "simple but devastating flaw" in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China's capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.

The International Olympic Committee responded to the report by saying users can disable the app's access to parts of their phones and that assessments from two unnamed cyber security organizations "confirmed that there are no critical vulnerabilities."

"The user is in control over what the... app can access on their device," the committee told AFP, adding that installing it on cellphones isn't required "as accredited personnel can log on to the health monitoring system on the web page instead."

The committee said it had asked Citizen Lab for its report "to understand their concerns better."

Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

"China has a history of undermining encryption technology to perform political censorship and surveillance," Knockel wrote.

"As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence," he continued, adding that "the case for the Chinese government sabotaging MY2022's encryption is problematic."

The flaws affect SSL certificates, which allow online entities to communicate securely.

MY2022 doesn't authenticate SSL certificates, meaning other parties could access the app's data, and data is transmitted without the encryption that SSL usually provides, Knockel wrote.
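What the two weaknesses described above look like from the client side, as an added example that is not taken from the article, the Citizen Lab report or the MY2022 app. It uses Python's standard `ssl` module; the function names and the `example.test` URLs are constructed for illustration.

```python
import ssl
from urllib.parse import urlsplit

def transport_findings(url, ctx):
    """List the ways a request to `url` made with TLS context `ctx` is exposed in transit."""
    if urlsplit(url).scheme.lower() != "https":
        # No TLS at all: the second weakness the article mentions.
        return ["no TLS: payload travels in cleartext"]
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified: any certificate is accepted")
    if not ctx.check_hostname:
        findings.append("hostname not checked: a certificate for another site is accepted")
    return findings

def no_validation_context():
    """Client context that authenticates nothing (the weak setting)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context():
    """Verifies the CA chain but not who the certificate was issued to."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def strict_context():
    """Library default: CA chain and hostname are both checked."""
    return ssl.create_default_context()

def audit(endpoints):
    """Map each (url, context) pair to its findings; an empty list means authenticated TLS."""
    return {name: transport_findings(url, ctx) for name, (url, ctx) in endpoints.items()}

# Constructed sample endpoints, not real hosts.
SAMPLE = {
    "strict":        ("https://health.example.test/upload", strict_context()),
    "chain_only":    ("https://health.example.test/upload", chain_only_context()),
    "no_validation": ("https://health.example.test/upload", no_validation_context()),
    "cleartext":     ("http://files.example.test/voice", strict_context()),
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "->", findings or "ok")
```

Only the `strict` configuration gives the client any assurance about which server it is talking to; in the other TLS cases the connection is still encrypted, but to whoever answers.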

While the app is transparent about the medical information it collects as part of China's efforts to screen Covid-19 cases, he said "it is unclear with whom or which organization(s) it shares this information."

MY2022 also contains a list called "illegalwords.txt" of "politically sensitive" phrases in China, many of which relate to China's political situation or its Tibetan and Uighur Muslim minorities.

These include keywords like "CCP evil" and Xi Jinping, China's president, though Knockel said it was unclear if the list was being actively used for censorship purposes.

Because of these features, the app may violate both Google and Apple policies around smartphone software, and "also China's own laws and national standards pertaining to privacy protection, providing potential avenues for future redress," he wrote.

E.Cerny--TPP