Zürcher Nachrichten - Beijing Olympics organisers say app security flaws 'fixed'

EUR -
AED 3.938479
AFN 73.284283
ALL 98.19234
AMD 417.267449
ANG 1.943348
AOA 978.447316
ARS 1071.53141
AUD 1.629089
AWG 1.930079
AZN 1.82711
BAM 1.955647
BBD 2.17713
BDT 128.849948
BGN 1.9562
BHD 0.406468
BIF 3183.551653
BMD 1.072266
BND 1.425189
BOB 7.467417
BRL 6.152562
BSD 1.078316
BTN 90.972903
BWP 14.300884
BYN 3.528725
BYR 21016.42052
BZD 2.17343
CAD 1.49386
CDF 3073.115756
CHF 0.939162
CLF 0.03726
CLP 1028.119797
CNY 7.698019
CNH 7.63378
COP 4640.937963
CRC 551.556973
CUC 1.072266
CUP 28.415058
CVE 110.256399
CZK 25.259812
DJF 192.015021
DKK 7.459869
DOP 64.934934
DZD 142.958848
EGP 52.835878
ERN 16.083995
ETB 133.503285
FJD 2.399951
FKP 0.820465
GBP 0.830088
GEL 2.916983
GGP 0.820465
GHS 17.683621
GIP 0.820465
GMD 76.671173
GNF 9295.27488
GTQ 8.33535
GYD 225.592402
HKD 8.336174
HNL 27.205878
HRK 7.386875
HTG 141.888931
HUF 407.236454
IDR 16786.168917
ILS 4.020796
IMP 0.820465
INR 90.481213
IQD 1412.489812
IRR 45134.375558
ISK 148.766647
JEP 0.820465
JMD 171.076654
JOD 0.760348
JPY 163.686863
KES 139.08915
KGS 92.433433
KHR 4378.658423
KMF 493.644665
KPW 965.039476
KRW 1499.246878
KWD 0.328832
KYD 0.89853
KZT 530.808592
LAK 23665.153893
LBP 96559.167469
LKR 315.465391
LRD 204.33406
LSL 18.869628
LTL 3.166124
LVL 0.648604
LYD 5.232592
MAD 10.648369
MDL 19.338491
MGA 4988.610841
MKD 61.5252
MMK 3482.679288
MNT 3643.561097
MOP 8.633826
MRU 42.957649
MUR 49.75717
MVR 16.566921
MWK 1869.754141
MXN 21.634265
MYR 4.699212
MZN 68.521819
NAD 18.869628
NGN 1788.626462
NIO 39.676905
NOK 11.794827
NPR 145.556645
NZD 1.797446
OMR 0.412628
PAB 1.078316
PEN 4.044584
PGK 4.328662
PHP 62.679371
PKR 299.424042
PLN 4.325898
PYG 8431.342275
QAR 3.931893
RON 4.977143
RSD 116.980874
RUB 104.99181
RWF 1478.084695
SAR 4.02742
SBD 8.943509
SCR 14.390377
SDG 644.972153
SEK 11.594849
SGD 1.4214
SHP 0.820465
SLE 24.501684
SLL 22484.885861
SOS 616.251927
SRD 37.497551
STD 22193.748611
SVC 9.435264
SYP 2694.101668
SZL 18.864528
THB 36.687634
TJS 11.462006
TMT 3.763655
TND 3.347839
TOP 2.511359
TRY 36.822021
TTD 7.327428
TWD 34.580984
TZS 2878.975413
UAH 44.514627
UGX 3946.692121
USD 1.072266
UYU 45.046486
UZS 13787.924411
VEF 3884341.194834
VES 47.874003
VND 27101.532073
VUV 127.301648
WST 3.003615
XAF 655.905833
XAG 0.031788
XAU 0.000394
XCD 2.897854
XDR 0.808437
XOF 655.905833
XPF 119.331742
YER 267.878982
ZAR 19.79817
ZMK 9651.687743
ZMW 29.35571
ZWL 345.269328
  • RBGPF

    61.4000

    61.4

    +100%

  • BCC

    1.4700

    142.32

    +1.03%

  • RIO

    -3.0400

    64.43

    -4.72%

  • CMSC

    0.1600

    24.84

    +0.64%

  • BCE

    0.3000

    28.37

    +1.06%

  • RELX

    0.3200

    47.98

    +0.67%

  • SCS

    0.0600

    13.14

    +0.46%

  • RYCEF

    0.0100

    7.15

    +0.14%

  • JRI

    0.1600

    13.53

    +1.18%

  • NGG

    -0.3600

    63.94

    -0.56%

  • GSK

    -0.3700

    36.29

    -1.02%

  • BTI

    -0.0100

    35.39

    -0.03%

  • VOD

    -0.0100

    9.31

    -0.11%

  • CMSD

    0.2350

    25.125

    +0.94%

  • BP

    -0.8800

    28.93

    -3.04%

  • AZN

    -0.2000

    64.49

    -0.31%

Beijing Olympics organisers say app security flaws 'fixed'
Beijing Olympics organisers say app security flaws 'fixed'

Beijing Olympics organisers say app security flaws 'fixed'

An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.

Text size:

Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.

Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.

Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.

Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.

But a senior Chinese Olympic official said any bugs had now been fixed.

"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.

"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."

The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.

Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.

"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.

- Data laws -

Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.

However, Yu said organisers never saw the request because it was sent to an old email address.

China's data security laws require that health and medical data be encrypted during transmission and storage.

The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.

"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.

Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".

But organisers denied ever requesting these functions, and said they have asked the developer to look into it.

They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.

"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.

China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.

In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.

Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.

However, organisers and the Chinese government have dismissed such concerns as unfounded.

"The government will not monitor individuals' phones in any form," Yu said.

The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.

W.Vogt--NZN