A group of cybersecurity experts have voiced their concerns over the Beijing Olympics 2022 App. Security holes have been discovered, the app named “My2022” was developed in China and is a requirement for the event
With less than three weeks ahead of the Beijing 2022 Olympics, February 4th is the opening ceremony, cyber security researchers at the University of Toronto have voiced concerns today about potential risks from the app that all participants of the games are required to have installed.
All participants of the games, including Athletes, Journalists, Sports Officials and even Visitors are expected to download this app and use it before arriving at the people’s republic.
The app is supposed to monitor the health of everyone participating in the winter games in Beijing, for people who will be arriving from abroad like team Canada, they are required to start inputting health data 14 days before arriving in China, the app is allegedly monitoring things like fevers, coughs headaches sore throats and the like.
MY2022 Is more than just a health app, it also has a Visitor Guide and has a Chat Function that allows users to exchange messages and files, this is where the biggest issue lies.
CitizenLab at the University of Toronto, a group of cybersecurity researchers have pointed towards the MY2022’s encryption certificate.
The flaw they say, leaves the information of users vulnerable, meaning they could be accessed by a third party and manipulated, users of this application could potentially connect to someone intercepting this traffic. The traffic could be read, modified, responses from the server could be changed.
So-Called Illegal Words
Beyond that, a list of restricted words was found, the text file containing a list of so-called illegal words which includes, “Uyghur” “Tibetan” “Tiananmen” and “Dalai Lama”. A further function was reported that allows other users to expose a chat or message that might be considered politically sensitive in the people’s republic.
What did the IOC and Chinese state media say
The IOC media team said:
The IOC has conducted independent third-party assessments on the application from two cyber-security testing organizations. These reports confirmed that there are no critical vulnerabilities.IOC Media Team
The Chinese State Media said:
MY2022 has been scrutinized by Google, Apple and Samsung and all personal information they say will be encrypted to ensure privacy.Chinese State Media
Germany, Australia The UK and The US are all advising their athletes to leave personal electronics like phones and laptops at home, and The Dutch team, they have told their team to not bring any personal phones whatsoever because they are very much concerned about surveillance.
Enjoyed this article? Why not subscribe to our Weekly Cybersecurity Newsletter?
You may also enjoy reading, The definitions of “recently” and “discovered” leave a lot to be desired