The Prague Post - Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst

An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.

The "simple but devastating flaw" in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China's capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.

The International Olympic Committee responded to the report by saying users can disable the app's access to parts of their phones and that assessments from two unnamed cyber security organizations "confirmed that there are no critical vulnerabilities."

"The user is in control over what the... app can access on their device," the committee told AFP, adding that installing it on cellphones isn't required "as accredited personnel can log on to the health monitoring system on the web page instead."

The committee said it had asked Citizen Lab for its report "to understand their concerns better."

Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

"China has a history of undermining encryption technology to perform political censorship and surveillance," Knockel wrote.

"As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence," he continued, adding that "the case for the Chinese government sabotaging MY2022's encryption is problematic."

The flaws affect SSL certificates, which allow online entities to communicate securely.

MY2022 doesn't authenticate SSL certificates, meaning other parties could access the app's data, while data is transmitted without the encryption that SSL normally provides, Knockel wrote.
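To make the two weaknesses described above concrete, here is an added illustration in Python. It is not code from the article, the Citizen Lab report or the MY2022 app. It audits a client's transport settings for cleartext transmission and for TLS that does not authenticate the server. The function names and the `example.invalid` endpoints are hypothetical, constructed for this example.

```python
import ssl
from typing import Optional
from urllib.parse import urlsplit


def audit_transport(url: str, ctx: Optional[ssl.SSLContext]) -> list:
    """List the reasons traffic to `url` could be read or altered in transit."""
    if urlsplit(url).scheme.lower() != "https":
        return ["cleartext: no TLS at all"]
    if ctx is None:
        return ["no TLS context supplied"]
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Any certificate, including a self-signed one, is accepted.
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        # A valid certificate issued for a different site is accepted.
        findings.append("hostname not checked against certificate")
    return findings


def unauthenticated_context() -> ssl.SSLContext:
    """The weak setting: encrypts, but never authenticates the server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hostname_unchecked_context() -> ssl.SSLContext:
    """Chain is verified, but the name on the certificate is ignored."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx


def run_audit() -> dict:
    # Constructed endpoints; they are never contacted.
    cases = {
        "plain-http": ("http://media.example.invalid/upload", None),
        "no-verify": ("https://health.example.invalid/report",
                      unauthenticated_context()),
        "no-hostname": ("https://health.example.invalid/report",
                        hostname_unchecked_context()),
        "strict": ("https://health.example.invalid/report",
                   ssl.create_default_context()),
    }
    return {name: audit_transport(url, ctx) for name, (url, ctx) in cases.items()}


if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(name, "->", findings or "ok")
```

Only the `strict` case, which uses the library defaults, both encrypts the connection and proves which server is on the other end.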

While the app is transparent about the medical information it collects as part of China's efforts to screen Covid-19 cases, he said "it is unclear with whom or which organization(s) it shares this information."

MY2022 also contains a list called "illegalwords.txt" of "politically sensitive" phrases in China, many of which relate to China's political situation or its Tibetan and Uighur Muslim minorities.

These include keywords like "CCP evil" and Xi Jinping, China's president, though Knockel said it was unclear if the list was being actively used for censorship purposes.

Because of these features, the app may violate both Google and Apple policies around smartphone software, and "also China's own laws and national standards pertaining to privacy protection, providing potential avenues for future redress," he wrote.

E.Cerny--TPP