Beijing Olympics organisers say app security flaws 'fixed'
-
Pyongyang calling: North Korea shows off own-brand phones
-
Iran warns 'not even started' in Hormuz
-
World body in dark over allegations against China badminton chief
-
Asian stocks drop amid fears over US-Iran ceasefire
-
China fireworks factory explosion kills 26, injures 61
-
China hails 'our era' as Wu Yize's world snooker triumph goes viral
-
Ex-model accuses French scout of grooming her for Epstein
-
Timberwolves eclipse Spurs as Knicks rout Sixers
-
Taiwan leader says island has 'right to engage with the world'
-
Yoko says oh no to 'John Lemon' beer
-
Bayern's Kompany promises repeat fireworks in PSG Champions League semi
-
A coaching great? Luis Enrique has PSG on brink of another Champions League final
-
Top five moments from the Met Gala
-
Brunson leads Knicks in rout of Sixers
-
Retiring great Sophie Devine wants New Zealand back playing Tests
-
Ukraine pressures Russia as midnight ceasefire looms
-
Stocks sink amid fears over US-Iran ceasefire
-
G7 trade ministers set to meet but not discuss latest US tariff threat
-
Sherlock Holmes fans recreate fateful duel at Swiss falls
-
Premier League losses soar for clubs locked in 'arms race'
-
'Spreading like wildfire': Fiji grapples with soaring HIV cases
-
For Israel's Circassians, food and language sustain an ancient heritage
-
'Super El Nino' raises fears for Asia reeling from Middle East conflict
-
Trouble in paradise: Colombia tourist jewel plagued by violence
-
Death toll in Brazil small plane crash rises to three
-
Pulitzers honor damning coverage of Trump and his policies
-
Camino Appointments Senior Management to Build and Operate the Puquios Copper Mine in Chile and for Corporate Development
-
Plantations International USA Introduces Institutional-Grade Agricultural Offering for Accredited Investors
-
Star Copper Multi Target Drill Pad Construction Underway in Preparation for 15,000 Metre Drill Program
-
BioLargo Subsidiary Clyra Medical Signs Exclusive Distribution Agreement with Al- Hikma FZCO for ViaCLYR(TM) Across the Middle East, North Africa, and Adjacent Markets
-
Grande Portage Resources Publishes McKinley Research Group's Socioeconomic Impact Study for the New Amalga Gold Project
-
Analysis: ASMFC Shows Double Standard on Jobs and Economic Impacts in Striped Bass and Menhaden Management
-
LA fire suspect had grudge against wealthy: prosecutors
-
US-Iran ceasefire on brink as UAE reports attacks
-
Stars shine at Met Gala, fashion's biggest night
-
Blake Lively, Justin Baldoni agree to end lengthy legal battle
-
Dolly Parton cancels Las Vegas shows over health concerns
-
Wu Yize: China's 'priest' who conquered the snooker world
-
China's Wu Yize wins World Snooker Championship for first time
-
Broadway theater blaze forces 'Book of Mormon' to close
-
Advantage Arsenal as Man City held in six-goal Everton thriller
-
Roma hammer Fiorentina to remain in Champions League hunt
-
MLB Tigers star pitcher Skubal to undergo elbow surgery
-
No.6 Morikawa withdraws from final PGA Championship tuneup
-
Ukraine and Russia declare separate truces
-
Arteta warns Atletico will face Arsenal 'beasts' in Champions League
-
OpenAI co-founder under fire in Musk trial over $30 bn stake
-
US says downed Iranian missiles and drones, destroyed six boats
-
Amazon to ship stuff for any business, not just its own merchants
-
Swastikas daubed on NY Jewish homes, synagogues: police
Beijing Olympics organisers say app security flaws 'fixed'
An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.
Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.
Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.
Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.
Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.
But a senior Chinese Olympic official said any bugs had now been fixed.
"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.
"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."
The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.
Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.
"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.
- Data laws -
Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.
However, Yu said organisers never saw the request because it was sent to an old email address.
China's data security laws require that health and medical data be encrypted during transmission and storage.
The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.
"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.
Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".
But organisers denied ever requesting these functions, and said they have asked the developer to look into it.
They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.
"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.
China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.
In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.
Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.
However, organisers and the Chinese government have dismissed such concerns as unfounded.
"The government will not monitor individuals' phones in any form," Yu said.
The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.
P.M.Smith--AMWN
