Beijing 2022 Olympics: The official application of the Winter Games, a sieve at the service of Beijing?


While the Chinese application MY2022 Olympics is causing controversy for its flaws in terms of personal data protection, the International Olympic Committee (IOC) wants to be reassuring. After a damning report from Citizen Lab – the NGO behind the discovery of the Pegasus spyware – recently highlighted serious privacy issues on the platform set up by Beijing for the 2022 Winter Games, the IOC wanted to defend the Chinese authorities.

Questioned by the editorial staff of ZDNet, the IOC defended the application and minimized the seriousness of the problems discovered by Citizen Lab. According to the Olympic organization, the security flaws highlighted in the application are justified by the Covid-19 pandemic and the “special measures” put in place to “protect participants in the Olympic and Paralympic Winter Games of Beijing 2022 and the Chinese people”.

“Therefore, a closed-loop management system has been put in place […]. The ‘MY2022’ app supports a health tracking function. It is designed to ensure the safety of Games-related personnel in the closed-loop environment.” That is not enough to silence the critics, as thousands of people present at the Games will have no choice but to download the application if they want to represent their country.

A spy in the service of Beijing?

For the IOC, these criticisms are not justified, as the application has already been approved by the Google Play Store and the App Store. “The user has control over what the ‘MY2022’ app can access on their device. He can change the settings as soon as the application is installed or at any time thereafter. It is not mandatory to install ‘MY2022’ on mobile phones, as accredited personnel can log into the health monitoring system on the webpage instead.”

The organization added that “the IOC has carried out independent evaluations of the application by two cybersecurity testing organizations. These reports have confirmed that there are no critical vulnerabilities.” As a reminder, downloading the MY2022 application is necessary to participate in the Beijing 2022 Games, which begin on February 4.

However, the NGO Citizen Lab recently warned that the application contains a “simple, but devastating flaw” which makes it possible to “trivially circumvent” the encryption protecting users' voice audio and file transfers.

Flaws that raise questions

Passport details, demographic information, and medical and travel history in customs forms of Olympic visitors are also vulnerable, according to Citizen Lab. Server responses can be spoofed, which would allow an attacker to display false instructions to users, explains the NGO. The MY2022 app also allows users to report “politically sensitive” content and includes a list of censorship keywords involving topics such as the situation in Xinjiang or Tibet… enough to make it a perfect snitch in the service of the Chinese authorities.

Citizen Lab further notes that the app may violate Google’s Unwanted Software Policy, Apple’s App Store Guidelines, and China’s national privacy laws and standards. At the time these lines were written, Google and Apple had not yet responded to questions about this application.

As a reminder, the American, German, British and Australian authorities have already urged their citizens to leave all their personal devices and laptops at home if they travel to the upcoming Winter Olympics, fearing that these devices will be hacked or monitored by the Chinese government during the Games and once they return home. The Dutch Olympic Committee has banned its citizens from bringing their devices to the Olympics.




