Official Beijing Olympics App Is A Security Nightmare
Every Olympian participating in next month’s Beijing Winter Olympics is required to download the My 2022 app, which is used to monitor the athletes’ health and to let them communicate with each other.
The app requires users to enter their body temperature, medications, passport details, travel plans, and even respiratory symptoms each day during the two-week run up to the Games.
Once in Beijing, Olympians will use the app as a chat messenger service, language translator, timetable, and transport info hub, and to update their health status.
None of this information, however, will be secure.
Citizen Lab, a human-rights-based cybersecurity research group, has highlighted a number of security flaws that could make these Olympians easy prey for hackers intent on stealing their sensitive data.
The researchers, who are based at the University of Toronto, say the app fails to authenticate certain websites, doesn’t encrypt sensitive metadata sent via the app’s messenger, and can be easily accessed via Wi-Fi hot spots.
Citizen Lab doesn’t believe this is an intentional governmental move to steal data, but rather the result of the country’s lax attitude to cybersecurity.
“While we found glaring and easily discoverable security issues with the way that My 2022 performs encryption, we have also observed similar issues in Chinese-developed Zoom, as well as the most popular Chinese web browsers.”
More worryingly, Citizen Lab also found a list of 2,400 keywords deep inside the Android version of the app which are considered “politically sensitive”. This could be a censorship ploy.
Among the terms are ‘Tiananmen Square’, ‘Falun Gong’, and ‘President Xi Jinping’.