Chinese officials won’t fix security flaws in Olympic app

The bad news – if you were hoping to attend – is the Winter Olympics in Beijing has banned virtually all spectators.

The good news is that means you won’t have to download the official Olympics app, which is said to contain multiple security holes that authorities won’t fix.

The University of Toronto’s Citizen Lab says personal data such as medical and passport details can be hacked, server responses can be spoofed, and encryption on audio and file transfers can be easily sidestepped.

Athletes are required to install the My2022 app at least 14 days before they arrive in Beijing, according to official advice. They must supply vaccination status and personal details and carry out a daily health check until they leave.

The app is available from Apple and Android app stores for non-athletes to download as well.

No answers

Citizen Lab said it advised the Beijing Olympic Committee of the security flaw on December 3 but since have had no response from either the committee or the app developer.

It points out China has a “history of undermining encryption technology” in order to perform censorship and surveillance and in exploiting unencrypted communications.

“Furthermore, local Chinese governments routinely use data interception technology to sniff Wi-Fi traffic for surveillance purposes.”

To read the complete article, visit Light Reading.