Skip to content

Should athletes be worried about flaws in China’s Olympic app? | Monitoring

| Breaking News Updates | Google News


With the Beijing Olympics just weeks away, concerns are growing over a mandatory health app for competing athletes, after a new report revealed the app contains security flaws and a list of words ” politically sensitive” that have been flagged for censorship.

The report, published by the University of Toronto’s strategic research and policy unit, Citizen Lab, found that the My2022 app, which will be used to monitor athletes’ health and travel data, has a flaw “devastating” encryption that makes users’ files and media vulnerable. .

According to the researchers, the problem is twofold: first, the app does not always verify that the servers the encrypted data is sent to are the intended servers, which could allow malicious actors to spoof or impersonate the identity of this server to access these files. This could allow the attacker, for example, to “read a victim’s sensitive demographic, passport, travel, and medical information sent in a customs health declaration or send malicious instructions to a victim after completing a form,” the report said. Second, the app does not encrypt some sensitive data at all. In effect, this means that certain sensitive data within the app, “including the names of message senders and recipients and their user account IDs”, is transmitted without any security.

“This data can be read by any passive eavesdropper, such as someone within range of an unsecured wifi hotspot, someone operating a wifi hotspot, or an internet service provider or another telecommunications company,” the report said.

The Beijing Olympics are already taking place under a cloud of controversy. The United States announced in December that it would hold a diplomatic boycott of the games over lingering human rights concerns as China continues to deny its years-long campaign against Uyghur minorities. US lawmakers have also proposed new legislation that would strip the International Olympic Committee (IOC) of tax-exempt status over its refusal to challenge China over its human rights abuses.

The app’s encryption flaws have raised other concerns, but how worried should visiting countries and athletes be? While experts say general concerns about surveillance during the Olympics and the app are justified, the reality is that the app’s security flaws are likely more a reflection of poor design than sinister. intention to monitor. In other words, athletes and others visiting the country during the Olympics should be as careful as they normally would when visiting China.

“The main thing Citizen Lab has told us is that there is substance behind our fears and worries, but it’s also true that we tend to demonize China,” said Jon Callas, director of technology projects at the non-profit digital association. human rights group, the Electronic Frontier Foundation.

Callas and other experts say the Chinese government should certainly fix the security flaw, but the flaw doesn’t necessarily put athletes at a higher risk of government surveillance. And the encryption is unlikely to be flawed by design, said Kenton Thibaut, resident researcher in China from the Atlantic Council’s Digital Forensic Research Lab. It’s unlikely that someone intentionally sabotaged the app’s encryption in order to more easily access user information, she pointed out, because all the information goes to the government anyway.

“If you use Chinese apps, even if you’re not in China, they will still have access to the information you submit because the data ends up in a place where the government has control and access,” Thibault says. “The app itself is created by a government entity, there would be no reason to do that.”

That said, the Olympics is a hugely important event for Beijing, Thibaut said, and it’s fair to expect some degree of scrutiny, “especially for athletes who may have indicated their displeasure at not to express themselves or their dissatisfaction with the IOC’s position on China”.

Citizen Lab reported that there was a list of 2,422 political keywords described in the app’s code base as “illegalwords.txt”. Although the censorship function for these words does not appear to be active, the report indicates that the keywords ranged from references to pornography, mentions of the Tiananmen movement to certain words in Uyghur, including “the Holy Quran”, “injections and “forced demolitions”. ”.

It’s not unexpected, Callas said. “China is hugely blocking the chat of absolutely everything and they are throwing their weight in a way that is reprehensible with things like how much you can even mention Taiwan exists,” he said. “They will not allow free and unrestricted speech because they are not this country.”

“When we agreed to let the Olympics go to Beijing, we implicitly agreed that those were some of the things that were going to happen,” he continued.

However, there are regular precautions those traveling to China, during the Olympics or otherwise, should take, Callus said. National Olympic Committees around the world have advised their teams to leave their personal devices behind and take mobile phones instead.

“It should be assumed that every text, email, online visit and app access can be monitored or compromised,” the United States Olympic and Paralympic Committee said in an advisory.

Callus said that should always be the case when traveling to China, as all of your personal information — from your contact list to your photos — can be compromised.

“One of the reasons you need to make sure you’re using a burner phone is that your address book contact list contains sensitive information – in the sense that anyone who has your address book has , at some level of granularity, your social graph and who you’re logged in to,” he said. “What we’ve learned, for example, from those Snowden drops almost 10 years ago now, it’s that governments are much more interested in knowing who you connect to and who you talk to on a regular basis than what you say.”

For athletes looking to communicate with family or friends outside the country – particularly given that families are not allowed to attend the Olympics due to Covid – Callus said they should use a “reasonably secure” encrypted messaging application, including iMessage, Signal or WhatsApp.

“If the Chinese [government] didn’t shut it down, that’s probably OK,” he said. “That’s probably the best way to talk to people at home.”

Should athletes be worried about flaws in China’s Olympic app? | Monitoring

| Breaking News Updates Fox news
theguardian Gt

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.