Beijing Olympics Covid-19 app has encryption flaw
The flaws in MY2022 affect SSL certificates, which allow online entities to communicate securely.
An app all attendees of the upcoming Beijing Olympics must use has encryption flaws that could allow personal information to leak, a cyber security watchdog said on Tuesday.
The “simple but devastating flaw” in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for all attendees of the Games in China’s capital, could allow health information, voice messages and other data to leak, warned Jeffrey Knockel, author of the report for Citizen Lab.
The International Olympic Committee said users can disable the app’s access to parts of their phones and that assessments from two cyber security organisations “confirmed that there are no critical vulnerabilities”.
Citizen Lab said it notified the Chinese organising committee for the Games of the issues in early December but received no reply. “China has a history of undermining encryption technology to perform political censorship and surveillance,” Mr Knockel wrote.
The flaws affect SSL certificates, which allow online entities to communicate securely. MY2022 does not authenticate SSL certificates, meaning other parties could access the app’s data, and data is also transmitted without the encryption that SSL normally provides. While the app is transparent about the medical information it collects as part of China’s efforts to screen Covid-19 cases, Mr Knockel said “it is unclear with whom or which organisations it shares this information”.
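The defect described above, a client that never authenticates the server’s certificate, is shown here as a constructed Python illustration (not the app’s code, which runs on Android, and not from the Citizen Lab report): the unauthenticated client configuration beside the corrected one, plus a small audit check a defender can run over a client context.

```python
"""Constructed illustration of the TLS-client defect reported for MY2022:
a client that accepts any server certificate, next to a correctly
configured client and an audit check. Uses Python's standard ssl module."""
import ssl
from typing import List, Optional


def insecure_client_context() -> ssl.SSLContext:
    # Same class of flaw as reported: the chain is never validated and the
    # hostname is never matched, so an on-path party can impersonate the
    # server and read or alter everything the app sends.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE   # certificate is accepted unverified
    return ctx


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    # Correct configuration: chain validated against trusted roots (the
    # system store, or a pinned CA bundle passed as cafile), hostname
    # checked, legacy protocol versions refused.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings a reviewer would raise for a TLS client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required or validated")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy TLS versions permitted")
    return findings


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_client_context(ctx) or ["no findings"])
```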
MY2022 also contains a list called “illegalwords.txt” of “politically sensitive” phrases, such as Tibetan, Uighur, “CCP evil” and Xi Jinping.
AFP