Zürcher Nachrichten - Beijing Olympics organisers say app security flaws 'fixed'

EUR -
AED 3.826681
AFN 70.961758
ALL 98.138602
AMD 405.652886
ANG 1.877182
AOA 951.190259
ARS 1045.720247
AUD 1.602814
AWG 1.877897
AZN 1.775245
BAM 1.955573
BBD 2.102956
BDT 124.465544
BGN 1.955294
BHD 0.392554
BIF 3076.642669
BMD 1.041829
BND 1.403837
BOB 7.197164
BRL 6.043693
BSD 1.041579
BTN 87.914489
BWP 14.229347
BYN 3.408604
BYR 20419.848375
BZD 2.099456
CAD 1.456529
CDF 2991.091432
CHF 0.930957
CLF 0.036923
CLP 1018.83097
CNY 7.54601
CNH 7.562783
COP 4573.368835
CRC 530.538382
CUC 1.041829
CUP 27.608468
CVE 110.252195
CZK 25.343745
DJF 185.478458
DKK 7.457729
DOP 62.772709
DZD 139.835759
EGP 51.726992
ERN 15.627435
ETB 127.508391
FJD 2.371151
FKP 0.822333
GBP 0.831435
GEL 2.855018
GGP 0.822333
GHS 16.456089
GIP 0.822333
GMD 73.970229
GNF 8977.957272
GTQ 8.040066
GYD 217.904692
HKD 8.110066
HNL 26.320943
HRK 7.431636
HTG 136.72412
HUF 411.522823
IDR 16610.452733
ILS 3.856892
IMP 0.822333
INR 87.968134
IQD 1364.44153
IRR 43834.955489
ISK 145.523076
JEP 0.822333
JMD 165.930728
JOD 0.738765
JPY 161.244275
KES 134.884334
KGS 90.122166
KHR 4193.512952
KMF 492.268155
KPW 937.645704
KRW 1463.259646
KWD 0.320727
KYD 0.867999
KZT 520.059599
LAK 22878.342838
LBP 93271.167197
LKR 303.144792
LRD 187.998165
LSL 18.795317
LTL 3.076251
LVL 0.630192
LYD 5.086409
MAD 10.478083
MDL 18.997794
MGA 4861.435378
MKD 61.522855
MMK 3383.819949
MNT 3540.134882
MOP 8.35093
MRU 41.443187
MUR 48.810083
MVR 16.10707
MWK 1806.090235
MXN 21.283008
MYR 4.654932
MZN 66.583684
NAD 18.795317
NGN 1767.675143
NIO 38.325549
NOK 11.53576
NPR 140.663663
NZD 1.785942
OMR 0.400943
PAB 1.041579
PEN 3.949541
PGK 4.193513
PHP 61.404399
PKR 289.239507
PLN 4.337676
PYG 8131.055634
QAR 3.798559
RON 4.978071
RSD 116.991412
RUB 108.671879
RWF 1421.834864
SAR 3.911473
SBD 8.734231
SCR 14.272055
SDG 626.663972
SEK 11.497837
SGD 1.402931
SHP 0.822333
SLE 23.68116
SLL 21846.638123
SOS 595.230868
SRD 36.978718
STD 21563.75683
SVC 9.113941
SYP 2617.626467
SZL 18.788818
THB 35.922648
TJS 11.092512
TMT 3.646401
TND 3.309016
TOP 2.440072
TRY 35.9978
TTD 7.074178
TWD 33.946439
TZS 2770.578216
UAH 43.089995
UGX 3848.553017
USD 1.041829
UYU 44.294855
UZS 13362.448044
VES 48.506662
VND 26482.251319
VUV 123.688032
WST 2.90836
XAF 655.880824
XAG 0.033274
XAU 0.000384
XCD 2.815595
XDR 0.792308
XOF 655.880824
XPF 119.331742
YER 260.379151
ZAR 18.915093
ZMK 9377.71492
ZMW 28.772658
ZWL 335.468513
  • BCC

    3.4200

    143.78

    +2.38%

  • AZN

    1.3700

    65.63

    +2.09%

  • RIO

    -0.2200

    62.35

    -0.35%

  • BCE

    0.0900

    26.77

    +0.34%

  • SCS

    0.2300

    13.27

    +1.73%

  • GSK

    0.2600

    33.96

    +0.77%

  • CMSC

    0.0320

    24.672

    +0.13%

  • NGG

    1.0296

    63.11

    +1.63%

  • BTI

    0.4000

    37.38

    +1.07%

  • JRI

    -0.0200

    13.21

    -0.15%

  • VOD

    0.1323

    8.73

    +1.52%

  • RELX

    0.9900

    46.75

    +2.12%

  • BP

    0.2000

    29.72

    +0.67%

  • RBGPF

    59.2400

    59.24

    +100%

  • CMSD

    0.0150

    24.46

    +0.06%

  • RYCEF

    -0.0100

    6.79

    -0.15%

Beijing Olympics organisers say app security flaws 'fixed'
Beijing Olympics organisers say app security flaws 'fixed'

Beijing Olympics organisers say app security flaws 'fixed'

An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.

Text size:

Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.

Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.

Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.

Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.

But a senior Chinese Olympic official said any bugs had now been fixed.

"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.

"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."

The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.

Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.

"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.

- Data laws -

Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.

However, Yu said organisers never saw the request because it was sent to an old email address.

China's data security laws require that health and medical data be encrypted during transmission and storage.

The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.

"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.

Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".

But organisers denied ever requesting these functions, and said they have asked the developer to look into it.

They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.

"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.

China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.

In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.

Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.

However, organisers and the Chinese government have dismissed such concerns as unfounded.

"The government will not monitor individuals' phones in any form," Yu said.

The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.

W.Vogt--NZN