Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst
-
India's Modi in Sri Lanka for defence and energy deals
-
'No one to return to': Afghans fear Pakistan deportation
-
Fractious Republicans seek unity over Trump tax cuts
-
America's passion for tariffs rarely pays off, economists warn
-
Trump's global tariff takes effect in dramatic US trade shift
-
North Korea's Kim fires new sniper rifle while visiting troops
-
Norris fastest in McLaren 1-2 as fires again disrupt Japan GP practice
-
Vital European defence startups still facing hurdles
-
'I don't have a voice in my head': Life with no inner monologue
-
Pakistan chasing 265 to win shortened third New Zealand ODI
-
US soybeans, energy: Who is hit by China's tariff retaliation?
-
Green, Sengun lift Rockets over Thunder, Celtics clinch record
-
Ariya downs defending champ Korda to advance at LPGA Match Play
-
Ovechkin ties Gretzky's all-time record of 894 NHL goals
-
Under-pressure Doohan vows to learn from Japanese GP smash
-
Harman goes four clear at Texas Open
-
McLaughlin-Levrone, Thomas cruise to wins at opening Grand Slam Track
-
Russian strike kills 18 in Ukrainian president's home city
-
US cardinal defrocked for sex abuse dies at 94
-
Lula admits 'still a lot to do' for Indigenous Brazilians
-
England, Germany and Spain on mark in women's Nations League
-
Bayern's Musiala to miss Inter first leg with injury
-
Judge orders return to US of Salvadoran man deported in error
-
'Class' Freeman eases Northampton past Clermont and into Champions Cup quarters
-
Amadou of Malian blind music duo dies aged 70
-
Freeman hat-trick eases Northampton into Champions Cup quarters with Clermont win
-
Defiant Trump dismisses stock market's tariff plunge
-
Musiala injury sours Bayern win at Augsburg
-
Peruvian schoolkids living in fear of extortion gangs
-
Top seed Pegula rallies to oust defending champ Collins in Charleston
-
Amadou of Malian blind music duo Amadou & Mariam dies aged 70
-
California to defy Trump's tariffs to allay global trade fears
-
Bayern's Musiala subbed off with injury days out from Inter clash
-
Russian strike kills 16 in Ukraine leader's home city, children among dead
-
NBA fines Grizzlies' Morant for imaginary gun gesture
-
Trump tariffs offer opportunity for China
-
UK comedian Russell Brand charged with rape
-
Marsh, Markram help Lucknow edge Mumbai in IPL
-
Trump gives TikTok extra 75 days to find buyer
-
Israel attorney general accuses PM of 'conflict of interest' in security chief dismissal
-
Emery glad to see Rashford make landmark appearance
-
Sean 'Diddy' Combs faces more charges ahead of criminal trial
-
Russian missile strike kills 14 in Ukraine leader's home city
-
Trump's tariff Big Bang puts global economy under threat
-
I Am Maximus backed for National as Mullins hot streak continues
-
2014 World Cup winner Hummels to retire at season's end
-
Intercommunal violence kills dozens in central Nigeria
-
Nigerian, S. African music saw 'extraordinary growth' in 2024: Spotify
-
Russell Brand: From Hollywood star to rape suspect
-
France soccer star Mbappe unveiled in London... in waxwork form
NYSE - LSE
| RBGPF | 100% | 69.02 | $ | |
| JRI | -7.19% | 11.96 | $ | |
| SCS | -0.56% | 10.68 | $ | |
| GSK | -6.79% | 36.53 | $ | |
| BCE | 0.22% | 22.71 | $ | |
| NGG | -5.25% | 65.93 | $ | |
| AZN | -7.98% | 68.46 | $ | |
| VOD | -10.24% | 8.5 | $ | |
| RELX | -6.81% | 48.16 | $ | |
| CMSC | 0.13% | 22.29 | $ | |
| RYCEF | -18.79% | 8.25 | $ | |
| RIO | -6.88% | 54.67 | $ | |
| BCC | 0.85% | 95.44 | $ | |
| BTI | -5.17% | 39.86 | $ | |
| BP | -10.43% | 28.38 | $ | |
| CMSD | 0.7% | 22.83 | $ |
Mandatory Chinese Olympics app has 'devastating' encryption flaw: analyst
An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said Tuesday.
The "simple but devastating flaw" in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China's capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.
The International Olympic Committee responded to the report by saying users can disable the app's access to parts of their phones and that assessments from two unnamed cyber security organizations "confirmed that there are no critical vulnerabilities."
"The user is in control over what the... app can access on their device," the committee told AFP, adding that installing it on cellphones isn't required "as accredited personnel can log on to the health monitoring system on the web page instead."
The committee said it had asked Citizen Lab for its report "to understand their concerns better."
Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.
"China has a history of undermining encryption technology to perform political censorship and surveillance," Knockel wrote.
"As such, it is reasonable to ask whether the encryption in this app was intentionally sabotaged for surveillance purposes or whether the defect was born of developer negligence," he continued, adding that "the case for the Chinese government sabotaging MY2022's encryption is problematic."
The flaws affect SSL certificates, which allow online entities to communicate securely.
MY2022 doesn't authenticate SSL certificates, meaning other parties could access the app's data, while data is transmitted without the usual encryption SSL certificates have, Knockel wrote.
While the app is transparent about the medical information it collects as part of China's efforts to screen Covid-19 cases, he said "it is unclear with whom or which organization(s) it shares this information."
MY2022 also contains a list called "illegalwords.txt" of "politically sensitive" phrases in China, many of which relate to China's political situation or its Tibetan and Uighur Muslim minorities.
These include keywords like "CCP evil" and Xi Jinping, China's president, though Knockel said it was unclear if the list was being actively used for censorship purposes.
Because of these features, the app may violate both Google and Apple policies around smartphone software, and "also China's own laws and national standards pertaining to privacy protection, providing potential avenues for future redress," he wrote.
S.Gregor--AMWN