
An app built by China to monitor the health of attendees at the Beijing Winter Olympics contains security flaws that makes it vulnerable to privacy breaches and hackers. The MY2022 app was built by the Beijing Organising Committee mainly to track and share COVID-19-related medical information among the athletes during the Games.
Researchers said MY2022 failed to properly encrypt the transfer of personal data, leaving it vulnerable to hackers. Also found that MY2022’s privacy policy does not specify which organisations it would share the users’ information with.
The International Olympic Committee said it had conducted independent assessments on the application and had not found any critical vulnerabilities. It is not compulsory to install ‘My 2022’ on cell phones.
All of the MY2022 app’s technology aspects have been validated by relevant app stores, the Beijing 2022 official said at a briefing hosted by the Chinese embassy in the United States.
The report said MY2022 failed to validate SSL certificates, which are needed to authenticate a website’s identity and enable encrypted connection. This can be exploited by hackers to transmit the data to malicious sites.
Such data can be read by any passive eavesdropper, such as someone in range of an unsecured WiFi access point, someone operating a WiFi hotspot, or an ISP or other telecommunications company.
The Winter Olympics are set to begin on Feb. 4. Several countries including the United States, Britain, Japan and Australia have announced diplomatic boycotts of the Games over concerns about human rights in China.