Beijing Olympics organisers say app security flaws 'fixed'
-
Scorching 1,500m return for Olympic great Ledecky in Florida
-
Israel's Netanyahu warns wildfires could reach Jerusalem
-
Istanbul lockdown aims to prevent May Day marches
-
Australian guard Daniels of Hawks named NBA's most improved
-
Mexico City to host F1 races until 2028
-
Morales vows no surrender in bid to reclaim Bolivian presidency
-
Ukraine, US sign minerals deal, tying Trump to Kyiv
-
Phenomenons like Yamal born every 50 years: Inter's Inzaghi
-
Ukraine, US say minerals deal ready as Kyiv hails sharing
-
Global stocks mostly rise following mixed economic data
-
O'Sullivan says he must play better to win eighth snooker world title after seeing off Si Jiahui
-
Sabalenka eases past Kostyuk into Madrid Open semis
-
Netflix's 'The Eternaut' echoes fight against tyranny: actor Ricardo Darin
-
US economy unexpectedly shrinks, Trump blames Biden
-
Barca fight back against Inter in sensational semi-final draw
-
Meta quarterly profit climbs despite big cloud spending
-
US Supreme Court weighs public funding of religious charter school
-
Climate change made fire conditions twice as likely in South Korea blazes: study
-
Amorim says not even Europa League glory can save Man Utd's season
-
Syria reports Israeli strikes as clashes with Druze spread
-
Ukraine, US say minerals deal ready as suspense lingers
-
Everything is fine: Trump's cabinet shrugs off shrinking economy
-
Chelsea boss Maresca adamant money no guarantee of success
-
Wood warns England cricketers against 'dumb' public comments
-
US economy shrinks, Trump blames Biden
-
Caterpillar so far not hiking prices to offset tariff hit
-
Japan's Kawasaki down Ronaldo's Al Nassr to reach Asian Champions League final
-
Trump praises Musk as chief disruptor eyes exit
-
Chahal hat-trick helps Punjab eliminate Chennai from IPL playoff race
-
Pope Francis saw clergy's lack of humility as a 'cancer': author
-
Weinstein accuser recounts alleged rape at assault retrial in NY
-
Piastri heads into Miami GP as the man to beat
-
US economy unexpectedly shrinks in first quarter, Trump blames Biden
-
Maxwell likely to miss rest of IPL with 'fractured finger'
-
Syria reports Israeli strikes after warning over Druze as sectarian clashes spread
-
Despite war's end, Afghanistan remains deep in crisis: UN relief chief
-
NFL fines Falcons and assistant coach over Sanders prank call
-
British teen Brennan takes stage 1 of Tour de Romandie
-
Swedish reporter gets suspended term over Erdogan insult
-
Renewable energy in the dock in Spain after blackout
-
South Africa sets up inquiry into slow apartheid justice
-
Stocks retreat as US GDP slumps rattles confidence
-
Migrants' dreams buried under rubble after deadly strike on Yemen centre
-
Trump blames Biden's record after US economy shrinks
-
UK scientists fear insect loss as car bug splats fall
-
Mexico avoids recession despite tariff uncertainty
-
Rwandan awarded for saving grey crowned cranes
-
Spurs have 'unbelievable opportunity' for European glory: Postecoglou
-
Microsoft president urges fast 'resolution' of transatlantic trade tensions
-
Poppies flourish at Tower of London for WWII anniversary
NYSE - LSE
Beijing Olympics organisers say app security flaws 'fixed'
An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.
Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.
Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.
Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.
Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.
But a senior Chinese Olympic official said any bugs had now been fixed.
"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.
"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."
The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.
Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.
"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.
- Data laws -
Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.
However, Yu said organisers never saw the request because it was sent to an old email address.
China's data security laws require that health and medical data be encrypted during transmission and storage.
The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.
"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.
Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".
But organisers denied ever requesting these functions, and said they have asked the developer to look into it.
They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.
"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.
China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.
In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.
Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.
However, organisers and the Chinese government have dismissed such concerns as unfounded.
"The government will not monitor individuals' phones in any form," Yu said.
The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.
P.M.Smith--AMWN