In a report released by The University of Toronto’s Citizen Lab today, researchers analyzed the ‘My 2022’ Beijing Winter Olympics app and discovered the app is insecure when it comes to protecting the sensitive data of its users. The app’s encryption system carries a significant flaw that enables middle-men to access documents, audio and files in cleartext form. Researchers found that the ‘My 2022’ app, which is required for all athletes, members of the press and the audience to have installed, is subject to censorship based on keywords and has an unclear privacy policy that doesn’t determine who receives and processes sensitive data, thus violating Google and Apple’s App Store guidelines.
Chris Olson, CEO at The Media Trust, an enterprise digital safety platform:
“Poor app security is a leading cause of the rise in cyberattacks on mobile devices. While the security issues found in ‘My 2022’ are concerning, unfortunately they are not as unique as they appear. Not all mobile apps are susceptible to man-in-the-middle attacks, but most of them do contain undisclosed third parties who can access the same user data as the developer. Mobile users frequently assume that they are safe either because of app store policies, or because they have consented to terms of service – but third parties are not carefully checked by app reviewers, and they are rarely monitored for safety. They can be hijacked to execute phishing attacks, share sensitive data with fourth or fifth parties, suffer a data breach caused by lax security practices, or worse.”
I have to admit that if I were an athlete going to these Olympics and I read this, I may think twice about going. And it makes the move by the Dutch to have athletes keep their personal electronics at home look like a good decision.
Like this:
Like Loading...
Related
This entry was posted on January 18, 2022 at 2:33 pm and is filed under Commentary with tags China, Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
The Official Beijing Winter Olympics App Is Found To Be insecure By Citizen Lab
In a report released by The University of Toronto’s Citizen Lab today, researchers analyzed the ‘My 2022’ Beijing Winter Olympics app and discovered the app is insecure when it comes to protecting the sensitive data of its users. The app’s encryption system carries a significant flaw that enables middle-men to access documents, audio and files in cleartext form. Researchers found that the ‘My 2022’ app, which is required for all athletes, members of the press and the audience to have installed, is subject to censorship based on keywords and has an unclear privacy policy that doesn’t determine who receives and processes sensitive data, thus violating Google and Apple’s App Store guidelines.
Chris Olson, CEO at The Media Trust, an enterprise digital safety platform:
“Poor app security is a leading cause of the rise in cyberattacks on mobile devices. While the security issues found in ‘My 2022’ are concerning, unfortunately they are not as unique as they appear. Not all mobile apps are susceptible to man-in-the-middle attacks, but most of them do contain undisclosed third parties who can access the same user data as the developer. Mobile users frequently assume that they are safe either because of app store policies, or because they have consented to terms of service – but third parties are not carefully checked by app reviewers, and they are rarely monitored for safety. They can be hijacked to execute phishing attacks, share sensitive data with fourth or fifth parties, suffer a data breach caused by lax security practices, or worse.”
I have to admit that if I were an athlete going to these Olympics and I read this, I may think twice about going. And it makes the move by the Dutch to have athletes keep their personal electronics at home look like a good decision.
Share this:
Like this:
Related
This entry was posted on January 18, 2022 at 2:33 pm and is filed under Commentary with tags China, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.