
Mandatory Chinese Olympics app has ‘devastating’ encryption flaw: analyst

All those attending the Olympics in Beijing have to download MY2022, an app China says is to monitor Covid, but which analysts warn has “devastating” security flaws.

An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.

The “simple but devastating flaw” in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China’s capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.

Citizen Lab notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

“China has a history of undermining encryption technology to perform political censorship and surveillance,” Knockel wrote.

“As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence,” he continued, adding that “the case for the Chinese government sabotaging MY2022’s encryption is problematic.”

The flaws concern SSL certificates, which allow online entities to communicate securely. In one case, MY2022 does not validate SSL certificates, meaning other parties could access the app’s data; in another, data is transmitted without the encryption that SSL normally provides.

Knockel said that while the app is transparent about medical information it collects as part of China’s efforts to screen Covid-19 cases, “it is unclear with whom or which organization(s) it shares this information.”

MY2022 also contains a list called “illegalwords.txt” of “politically sensitive” phrases in China, many of which relate to China’s political situation or its Tibetan and Uighur Muslim minorities.

These include keywords like “CCP evil” and Xi Jinping, China’s president, though Knockel said it was unclear if the list was being actively used for censorship purposes.

Because of these features, the app may violate both Google and Apple policies around smartphone software, and “also China’s own laws and national standards pertaining to privacy protection, providing potential avenues for future redress,” he wrote.



© 2022 AFP

Citation:
Mandatory Chinese Olympics app has ‘devastating’ encryption flaw: analyst (2022, January 18)
retrieved 18 January 2022
from https://techxplore.com/news/2022-01-mandatory-chinese-olympics-app-devastating.html
