Researchers Hack Olympic Games App
Cybersecurity researchers in Canada have found a “devastating flaw” in the MY2022 app, designed for use by attendees of this year’s Winter Olympic Games in Beijing.
The vulnerability was discovered by the Citizen Lab – an academic research laboratory based at the Munk School of Global Affairs at the University of Toronto.
In findings published Tuesday, researchers said that the flaw allows encryption that protects users’ voice audio and file transfers to be “trivially sidestepped.”
Researchers warned: “Health customs forms which transmit passport details, demographic information and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.”
The Citizen Lab reported its findings to the app’s vendor but did not respond.
“While the vendor did not respond to our security disclosure, we find that the app’s security deficits may not only violate Google’s Unwanted Software Policy and Apple’s App Store guidelines but also China’s own laws and national standards pertaining to privacy protection, providing potential avenues for future redress,” stated researchers.
The German Olympic Sports Confederation (DOSB) said that downloading the app has been mandated for travelers seeking entry to the People’s Republic of China to attend the 2022 Winter Olympic Games.
“Without My 2022 there is no immigration into China according to the Beijing playbooks,” said the DSOB.
The confederation shared some cybersecurity advice it had received from the German Federal Institute of Information Security (BSI) regarding the MY2022 app.
“Our athletes are being equipped with a smartphone from IOC partner Samsung in Beijing. BSI recommends using MY2022 on these devices in China and deinstalling it at home,” it said.
The International Olympic Committee (IOC) stated that MY2022 users could configure the app to disable access to features including files, media, calendar, camera, contacts, microphone and location data.
Many countries have planned a diplomatic boycott of the Beijing Olympics over China’s record of human rights violations, including the systemic abuse of the Uyghur and other minority ethnic communities.
Boycotts have been planned by the UK, United States, Lithuania, New Zealand, Scotland, Australia, Canada, Latvia, Estonia, Belgium, Austria, Japan, Netherlands, Denmark and Sweden.
Friday Squid Blogging: Giant Squid vs. Blue Marlin
Epic matchup. As usual, you can also use this squid post to talk about the security stories in the news...
German Police Raid DDoS-Friendly Host ‘FlyHosting’
Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating...
From Workshops to Leader Panels: A Recap of Women’s History Month at McAfee
From Workshops to Leader Panels: A Recap of Women’s History Month at McAfee March is Women’s History Month and International...
Italy’s Privacy Watchdog Blocks ChatGPT Amid Privacy Concerns
GPDP probe is due to allegations that ChatGPT failed to comply with data collection rules Read More
Modular “AlienFox” Toolkit Used to Steal Cloud Service Credentials
Harvesting API keys and secrets from AWS SES, Microsoft Office 365 and other services Read More
New Azure Flaw “Super FabriXss” Enables Remote Code Execution Attacks
The cross-site scripting flaw affects SFX version 9.1.1436.9590 or earlier and has a CVSS of 8.2 Read More