Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst
RBGPF
0.1000
The Prague Post - Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst
EUR
-
AED 4.246253
AFN 73.412301
ALL 96.383428
AMD 432.970609
ANG 2.06934
AOA 1060.262144
ARS 1636.671131
AUD 1.648055
AWG 2.081213
AZN 1.946815
BAM 1.945334
BBD 2.33932
BDT 140.653282
BGN 1.905057
BHD 0.436402
BIF 3446.855486
BMD 1.156229
BND 1.488273
BOB 7.947244
BRL 6.101771
BSD 1.161523
BTN 105.632694
BWP 15.762816
BYN 3.41797
BYR 22662.097436
BZD 2.336005
CAD 1.566274
CDF 2569.722857
CHF 0.900674
CLF 0.027015
CLP 1066.36766
CNY 7.974226
CNH 8.004091
COP 4362.095325
CRC 554.601187
CUC 1.156229
CUP 30.640081
CVE 109.674946
CZK 24.417371
DJF 206.830097
DKK 7.470491
DOP 69.151867
DZD 152.372523
EGP 61.02618
ERN 17.343442
ETB 180.155581
FJD 2.559256
FKP 0.862058
GBP 0.865959
GEL 3.150736
GGP 0.862058
GHS 12.444051
GIP 0.862058
GMD 84.98315
GNF 10184.667415
GTQ 8.823529
GYD 240.615484
HKD 9.03672
HNL 30.742646
HRK 7.534454
HTG 152.373232
HUF 398.075938
IDR 19611.964118
ILS 3.599232
IMP 0.862058
INR 106.678528
IQD 1521.522412
IRR 1527032.248961
ISK 145.103668
JEP 0.862058
JMD 181.898769
JOD 0.819778
JPY 183.205133
KES 149.326829
KGS 101.113018
KHR 4660.899182
KMF 490.241182
KPW 1040.60617
KRW 1720.718026
KWD 0.356095
KYD 0.96794
KZT 573.853122
LAK 24871.630399
LBP 104011.02834
LKR 361.341797
LRD 209.890783
LSL 19.427998
LTL 3.414045
LVL 0.699391
LYD 7.401283
MAD 10.725596
MDL 20.088161
MGA 4836.729426
MKD 61.623919
MMK 2428.164112
MNT 4126.69093
MOP 9.354947
MRU 46.482626
MUR 54.262112
MVR 17.875451
MWK 2014.048286
MXN 20.681499
MYR 4.582152
MZN 73.93
NAD 19.427914
NGN 1617.726717
NIO 42.741651
NOK 11.176709
NPR 170.6918
NZD 1.957271
OMR 0.444569
PAB 1.150112
PEN 3.961388
PGK 5.002452
PHP 68.773679
PKR 324.431942
PLN 4.278278
PYG 7599.172804
QAR 4.194036
RON 5.096773
RSD 117.417397
RUB 90.472962
RWF 1694.125658
SAR 4.34048
SBD 9.302077
SCR 17.218673
SDG 695.47418
SEK 10.692914
SGD 1.479857
SHP 0.867472
SLE 28.356498
SLL 24245.552932
SOS 662.58244
SRD 43.539555
STD 23931.615425
STN 24.610458
SVC 10.162568
SYP 127.855757
SZL 19.43339
THB 37.069297
TJS 11.058008
TMT 4.058365
TND 3.378921
TOP 2.783923
TRY 50.971075
TTD 7.87029
TWD 36.881429
TZS 2983.072234
UAH 50.753615
UGX 4244.166295
USD 1.156229
UYU 45.246572
UZS 14025.542285
VES 491.561711
VND 30382.819662
VUV 138.024512
WST 3.168634
XAF 658.922967
XAG 0.013856
XAU 0.000227
XCD 3.124768
XCG 2.093286
XDR 0.819482
XOF 658.920105
XPF 119.331742
YER 275.760792
ZAR 19.361074
ZMK 10407.458324
ZMW 22.456987
ZWL 372.305415
- Bangladesh scraps light displays as Mideast war worsens fuel crunch
- Stocks tumble, oil soars past $100 on Mideast war
- Iran war sends oil price soaring as Khamenei son takes charge
- Incensed North Korea briefly refuse to play in bitter Asian Cup loss
- Landmark trial opens for Turkish opposition champion Imamoglu
- Indonesia landfill collapse kills five
- African players in Europe: Marmoush torments Newcastle again
- Kenya flash floods death toll rises to 45
- Asian economies move to limit Mideast war's impact at home
- Jail for up to 16 years for Australian hitmen who killed compatriot in Bali
Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst
An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.
The "simple but devastating flaw" in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China's capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.
The International Olympic Committee responded to the report by saying users can disable the app's access to parts of their phones and that assessments from two unnamed cyber security organizations "confirmed that there are no critical vulnerabilities."
"The user is in control over what the... app can access on their device," the committee told AFP, adding that installing it on cellphones isn't required "as accredited personnel can log on to the health monitoring system on the web page instead."
The committee said it had asked Citizen Lab for its report "to understand their concerns better."
Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.
"China has a history of undermining encryption technology to perform political censorship and surveillance," Knockel wrote.
"As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence," he continued, adding that "the case for the Chinese government sabotaging MY2022's encryption is problematic."
The flaws affect SSL certificates, which allow online entities to communicate securely.
MY2022 doesn't authenticate SSL certificates, meaning other parties could access the app's data, while data is transmitted without the usual encryption SSL certificates have, Knockel wrote.
While the app is transparent about the medical information it collects as part of China's efforts to screen Covid-19 cases, he said "it is unclear with whom or which organization(s) it shares this information."
MY2022 also contains a list called "illegalwords.txt" of "politically sensitive" phrases in China, many of which relate to China's political situation or its Tibetan and Uighur Muslim minorities.
These include keywords like "CCP evil" and Xi Jinping, China's president, though Knockel said it was unclear if the list was being actively used for censorship purposes.
Because of these features, the app may violate both Google and Apple policies around smartphone software, and "also China's own laws and national standards pertaining to privacy protection, providing potential avenues for future redress," he wrote.
E.Cerny--TPP
