RICHMOND, Va.—A smartphone app that athletes and others who will attend the Winter Games in Beijing next month must install has obvious security issues that could expose sensitive data to interception, according to a report released Tuesday.
Citizen Lab, an internet watchdog group, said in its report that the MY2022 app had severely flawed encryption that would make users’ sensitive data – and any other data transmitted through the app – vulnerable to attack. The report found that other important user data in the app is not encrypted at all.
This means that data can be read by Chinese internet service providers or telecommunications companies via Wi-Fi hotspots at hotels, airports and Olympic venues.
China requires all international Olympic participants, including coaches and journalists, to download and start using the app 14 days before departure. The app allows users to submit essential health information on a daily basis and is part of China’s aggressive effort to manage the coronavirus pandemic while hosting games that start on Feb. The multi-purpose app also has chat features, file transfers, weather updates, tourism advice and GPS navigation.
Citizen Lab’s report comes amid growing concerns about athletes’ data and privacy. According to reports, many countries are advising their athletes not to bring their regular smartphones to China, but instead to bring temporary or burner phones that do not store sensitive personal data.
The U.S. Olympic and Paralympic Committee has issued a recommendation telling athletes to “assume that every device and every communication, transaction, and online activity will be monitored.”
“There should be no expectation of data security or privacy when operating in China,” the advisory said.
China has a well-documented history of muscular surveillance of its citizens and aggressive cyber-espionage against others. However, Citizen Lab said there is no evidence that the easily discoverable vulnerabilities in the MY2022 app were deliberately planted by the Chinese government. For one thing, most of the sensitive health information held in the app must be made available to authorities directly through health customs forms, the report said.
Citizen Lab said the vulnerabilities found in the MY2022 app were similar to those found in popular Chinese web browsers, noting that “the poor protection of user data is unique to the Chinese app ecosystem.”
“In light of previous studies analyzing popular Chinese practices, our findings for MY2022 are not surprising, if not surprising,” the report said.
Citizen Lab said it reported the security issues to the Beijing Organizing Committee last month, but received no response. The report also stated that the app’s vulnerabilities could run afoul of Apple’s and Google’s software policies for iPhones and Android devices. The two companies did not immediately respond to a request for comment.
The Android version of the MY2022 app included a list called “illegalwords.txt” containing 2,442 keywords, including some that could be politically sensitive and related to China’s actions against the Tibetan and Uyghur ethnic groups.
The report said that although the list is bundled with the app, it doesn’t seem to work. The Chinese government has long required tech companies to censor content and keywords deemed politically sensitive or inappropriate.
