Security vulnerabilities in Olympic mobile app

January 20, 2022, by Horst Buchwald

Beijing, Jan. 20, 2020

A cybersecurity group has uncovered security vulnerabilities in an Olympic cell phone app that athletes will be required to use for COVID monitoring at next month’s Beijing Games. According to an analysis by the University of Toronto’s Citizen Lab, the My2022 app has vulnerabilities that put users at risk of exposing their health and other personal information.

Athletes, media and other Games participants must use My2022 to upload their passport data, travel itineraries and health information for daily COVID monitoring. The app, from state-owned Beijing Financial Holdings Group, also offers file transfer, weather updates, and text, video and audio chat functions.

However, the app’s encryption, which protects voice, audio and file transfers, can be circumvented with little effort, according to the nonprofit lab.

My2022 also fails to validate some SSL certificates, which authenticate a website’s identity to ensure a secure connection.

Hackers could exploit this vulnerability by tricking users into connecting to fake websites to steal sensitive data, Citizen Lab said.

Meanwhile, cybersecurity firm Internet 2.0 has also warned about the potential security risks of the Olympics and recommended that participants use disposable cell phones.