The Prague Post - Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst

An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.

The "simple but devastating flaw" in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China's capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.

The International Olympic Committee responded to the report by saying users can disable the app's access to parts of their phones and that assessments from two unnamed cyber security organizations "confirmed that there are no critical vulnerabilities."

"The user is in control over what the... app can access on their device," the committee told AFP, adding that installing it on cellphones isn't required "as accredited personnel can log on to the health monitoring system on the web page instead."

The committee said it had asked Citizen Lab for its report "to understand their concerns better."

Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

"China has a history of undermining encryption technology to perform political censorship and surveillance," Knockel wrote.

"As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence," he continued, adding that "the case for the Chinese government sabotaging MY2022's encryption is problematic."

The flaws affect SSL certificates, which allow online entities to communicate securely.

MY2022 doesn't authenticate SSL certificates, meaning other parties could access the app's data, and data is transmitted without the encryption that SSL normally provides, Knockel wrote.
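The two defects described above, unvalidated certificates and unencrypted transmission, can be checked for in a client's configuration. The following is an added example, not code from the app or from the Citizen Lab report; the function names and the `example.invalid` endpoints are constructed for illustration.

```python
import ssl
from urllib.parse import urlsplit


def weak_context() -> ssl.SSLContext:
    """Client context that accepts any certificate (the flaw class described)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # server certificate is never validated
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Default client context: chain validation and hostname check enabled."""
    return ssl.create_default_context()


def audit_client(ctx: ssl.SSLContext, endpoints: list[str]) -> list[str]:
    """Return findings for a TLS client configuration and its endpoints."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("tls: server certificate is not validated")
    if not ctx.check_hostname:
        findings.append("tls: certificate hostname is not checked")
    for url in endpoints:
        # Any non-HTTPS endpoint sends its payload without transport encryption.
        if urlsplit(url).scheme.lower() != "https":
            findings.append(f"cleartext: {url}")
    return findings


# Constructed endpoint lists, not taken from the app or the report.
BEFORE = ["https://api.example.invalid/health", "http://api.example.invalid/voice"]
AFTER = ["https://api.example.invalid/health", "https://api.example.invalid/voice"]

if __name__ == "__main__":
    for name, ctx, urls in (("before", weak_context(), BEFORE),
                            ("after", hardened_context(), AFTER)):
        print(name, audit_client(ctx, urls) or "no findings")
```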

While the app is transparent about the medical information it collects as part of China's efforts to screen Covid-19 cases, he said "it is unclear with whom or which organization(s) it shares this information."

MY2022 also contains a list called "illegalwords.txt" of "politically sensitive" phrases in China, many of which relate to China's political situation or its Tibetan and Uighur Muslim minorities.

These include keywords like "CCP evil" and Xi Jinping, China's president, though Knockel said it was unclear if the list was being actively used for censorship purposes.

Because of these features, the app may violate both Google and Apple policies around smartphone software, and "also China's own laws and national standards pertaining to privacy protection, providing potential avenues for future redress," he wrote.

E.Cerny--TPP