Official Beijing 2022 Olympics Mobile App Is Marred by Security Flaws, Researchers Say
A mobile app that’s mandatory for all participants in next month’s Winter Olympics in Beijing contains security flaws that could make it easy for a hacker to steal sensitive personal information, cybersecurity researchers in Canada warn.
The China-built app, My 2022, will be used to monitor the health of attendees, as well as facilitate information sharing, leading up to and throughout the 2022 Games. Technicians with Citizen Lab, a human rights-focused cybersecurity and censorship research group at the University of Toronto, said they found the app failed to authenticate the identity of certain websites, leaving transfers of personal data open to attackers.
In a report released Tuesday, Citizen Lab also said the app didn’t properly encrypt sensitive metadata transmitted through the app’s messaging function, which meant any eavesdropper operating a Wi-Fi hot spot could discover who users are communicating with and when.
The researchers found the vulnerabilities in the iOS version of the app after downloading it and creating an account, said Jeffrey Knockel, one of the authors of the report. They weren’t able to create an account on the Android version of the app but found similar vulnerabilities by testing its publicly available features, he said.
Citizen Lab said the vulnerabilities were similar to those frequently found in other Chinese apps, which led it to believe they are more likely to be the result of China’s lax enforcement of cybersecurity standards than part of an intentional government effort to steal data.
and Google, the maker of Android, didn’t immediately respond to requests for comment. The Beijing Olympic Committee didn’t respond to a request for comment.
The Beijing 2022 handbook for athletes and officials…