Beijing Olympics organisers say app security flaws 'fixed'
-
Defiant Orban digs in over blocked Ukraine loan at EU talks
-
Iran 'boycotting' USA but not World Cup: football federation chief
-
Tokyo's dazzling cherry blossom season officially begins
-
Energy prices surge, stocks sink amid rising energy shock fears
-
Iran causes 'extensive' damage to Qatar gas hub, sparks Trump warning
-
Baby monkey Punch acclimatising, making new friends at Japan zoo
-
Labubu creators hope for monster film hit in Sony co-production
-
Kings of K-pop: What to know about BTS's comeback
-
Patching the wounds of Kinshasa's street children
-
Thailand's Anutin: Millionaire PM with a populist approach
-
In Seoul square of protest and history, BTS fans welcome grand comeback
-
Hong Kong panel hears safety measures failed on day of deadly fire
-
Trump threatens to destroy Iran's largest gas field
-
Doncic and James power Lakers over Rockets as win streak hits seven
-
Inter continue Serie A title hunt ahead of Italy's date with World Cup destiny
-
Strait of Hormuz blockage drives up Gulf food bills
-
Ahead of election, Danish city mirrors country's challenges
-
Wild possum shelters with plush toys in Australian airport shop
-
Iran missile fire kills 3 Palestinians in West Bank, foreign worker in Israel
-
Asian Games cruise ship and wooden huts will be 'unique experience'
-
Pacific nations fear fuel shortages as Middle East war sends oil prices soaring
-
World indoor athletics championships: five stand-out events
-
Crude prices surge, stocks sink as Iran warns of regional energy strikes
-
'No oil, no money': Orban brings Ukraine standoff to Brussels
-
Mideast energy shock rattles eurozone rate-setters
-
Scotland's Laidlaw extends tenure as Hurricanes coach
-
Messi scores 900th career goal but Miami crash out
-
Japan coach says Australia 'massive favourites' in Asian Cup final
-
Iran targets Gulf energy sites after gas field strike
-
Director plans to put Val Kilmer back on screen thanks to AI
-
Social media addiction trial jury deliberations continue
-
Evotec Receives $10 M Milestone from Bristol Myers Squibb Protein Degradation Collaboration for Clinical Study Initiation
-
MindMaze Therapeutics Announces Initiation of Coverage by Baader Bank
-
Tocvan Drone Magnetic Data Strengthens Gold-Silver Targets Across Gran Pilar; Identifies Broad Zones for Expansion Potential
-
Messi scores 900th career goal in Inter Miami cup clash
-
Barcelona, Liverpool, Bayern and Atletico reach Champions League quarter-finals
-
Tudor impressed by 'improved' Spurs despite Champions League exit
-
PSG will not relish Liverpool reunion, says Slot
-
Kane says Bayern 'don't fear anyone' ahead of Real clash
-
Venezuelan leader sacks defense minister, a Maduro stalwart
-
Kane and Bayern swat aside Atalanta to set up Real clash
-
Thailand's new parliament set to elect Anutin as PM
-
Atletico survive Spurs scare to reach Champions League quarters
-
Liverpool thrash Galatasaray to reach Champions League quarters
-
Costa Rica cuts ties with Cuba, closes embassy in Havana
-
Music popstar will.i.am meshes AI and 'micromobility'
-
US Fed Chair says 'no intention' of leaving board while probe ongoing
-
Iran targets Gulf energy sites after intel chief killed
-
Colombia detains alleged mastermind of Ecuadoran candidate assassination
-
Costa Rica closes Havana embassy, tells Cuba to withdraw diplomats
Beijing Olympics organisers say app security flaws 'fixed'
An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.
Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.
Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.
Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.
Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.
But a senior Chinese Olympic official said any bugs had now been fixed.
"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.
"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."
The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.
Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.
"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.
- Data laws -
Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.
However, Yu said organisers never saw the request because it was sent to an old email address.
China's data security laws require that health and medical data be encrypted during transmission and storage.
The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.
"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.
Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".
But organisers denied ever requesting these functions, and said they have asked the developer to look into it.
They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.
"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.
China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.
In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.
Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.
However, organisers and the Chinese government have dismissed such concerns as unfounded.
"The government will not monitor individuals' phones in any form," Yu said.
The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.
P.M.Smith--AMWN
