Beijing Olympics organisers say app security flaws 'fixed'
-
Alcaraz sets up Queen's final clash with Lehecka
-
MLB suspends Padres pitcher three games for hitting Ohtani
-
Belarus opposition leader freed from jail after US mediation
-
Medvedev dispatches home hope Zverev to reach Halle final
-
Tens of thousands join pro-Palestinian marches in London and Berlin
-
India star Bumrah strikes before Duckett and Pope hold firm in 1st Test
-
Nottingham Forest boss Nuno signs new three-year contract
-
Ill Mbappe out of second Real Madrid Club World Cup clash
-
Lehecka stuns Draper to reach Queen's final
-
Marc Marquez continues MotoGP dominance by winning Mugello sprint
-
Bangladesh draw first Test with Sri Lanka after rain hampers play
-
Pant scores India's third hundred in 1st Test before England hit back
-
Vondrousova surprises Sabalenka to reach Berlin final
-
Mexican boxing legend Alvarez promises Crawford bout will be one of his 'best'
-
French scientists find new blood type in Guadeloupe woman
-
Farrell adamant Lions 'won't suger-coat' Argentina loss
-
Malaysia's Dayaks mark rice harvest end with colourful parade
-
Shanto clinches second ton as Bangladesh set Sri Lanka 296-run target
-
Israel says killed three Iranian commanders in fresh wave of strikes
-
Crusaders out-muscle Chiefs to clinch 15th Super Rugby crown
-
VP Vance says US troops still 'necessary' in Los Angeles
-
Australian opener Konstas says he has 'come a long way'
-
'Survive, nothing more': Cuba's elderly live hand to mouth
-
Last member of K-pop megaband BTS to finish military service
-
Olympic balloon to rise again in Paris
-
Samaranch Senior -- controversial diplomat who saved the Olympics
-
As sports embrace gender tests, Coventry and IOC may follow
-
Flamengo floor Chelsea at Club World Cup, Bayern edge out Boca
-
Bayern overcome battling Boca to reach Club World Cup last 16
-
Jeeno extends lead at Women's PGA Championship
-
Israel says delayed Iran's presumed nuclear programme by two years
-
Japan-US-Philippines coast guards simulate crisis amid China threat
-
Flamengo floor Chelsea at Club World Cup, Bayern face Boca
-
Tech-fueled misinformation distorts Iran-Israel fighting
-
Panama declares state of emergency over deadly pension protests
-
Selling a Business: Expert Tax Guide & Checklist Released
-
Does Hospital Indemnity Insurance Help Cover Recurring Stays?
-
Trump says Iran has 'maximum' two weeks, dismisses Europe peace efforts
-
Defending champions Toulouse hold off Bayonne to reach Top 14 final
-
Teams from 'south' have Club World Cup heat advantage: Dortmund's Kovac
-
'It's only match one' says Itoje after Lions mauled by Pumas
-
Fleetwood, Thomas and Scheffler share PGA Travelers lead
-
Mexican authorities rescue 3,400 trafficked baby turtles
-
Maresca accepts Chelsea were second best in Flamengo loss
-
Global stocks mixed, oil lower as market digests latest on Iran
-
Argentina's Kirchner urges backers not to gather as police deploy
-
Lions slump to warm-up defeat by Argentina
-
Habz, Stark light up Diamond League as Girma banishes Paris blues
-
Haliburton warns Pacers of 'poison' of outside noise before NBA Finals game 7
-
Benfica knock out Auckland in delayed Club World Cup romp
Beijing Olympics organisers say app security flaws 'fixed'
An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.
Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.
Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.
Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.
Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.
But a senior Chinese Olympic official said any bugs had now been fixed.
"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.
"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."
The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.
Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.
"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.
- Data laws -
Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.
However, Yu said organisers never saw the request because it was sent to an old email address.
China's data security laws require that health and medical data be encrypted during transmission and storage.
The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.
"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.
Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".
But organisers denied ever requesting these functions, and said they have asked the developer to look into it.
They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.
"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.
China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.
In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.
Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.
However, organisers and the Chinese government have dismissed such concerns as unfounded.
"The government will not monitor individuals' phones in any form," Yu said.
The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.
P.M.Smith--AMWN
