Beijing Olympics organisers say app security flaws 'fixed'
-
Trump authorizes troops to Chicago as judge blocks Portland deployment
-
Wallabies left ruing missed chances ahead of European tour
-
Higgo stretches PGA Tour lead in Mississippi
-
Blue Jays pummel Yankees 10-1 in MLB playoff series opener
-
Georgia ruling party wins local polls as mass protests flare
-
Depoortere stakes France claim as Bordeaux-Begles stumble past Lyon
-
Vinicius double helps Real Madrid beat Villarreal
-
New museum examines family life of Mexican artist Frida Kahlo
-
Piccioli sets new Balenciaga beat, with support from Meghan Markle
-
Lammens must be ready for 'massive' Man Utd scrutiny, says Amorim
-
Arteta 'not positive' after Odegaard sets unwanted injury record
-
Slot struggles to solve Liverpool problems after third successive loss
-
Netanyahu hopes to bring Gaza hostages home within days as negotiators head to Cairo
-
Ex-NFL QB Sanchez in hospital after reported stabbing
-
Liverpool lose again at Chelsea, Arsenal go top of Premier League
-
Liverpool suffer third successive loss as Estevao strikes late for Chelsea
-
Diaz dazzles early and Kane strikes again as Bayern beat Frankfurt
-
De Zerbi living his best life as Marseille go top of Ligue 1
-
US envoys head to Mideast as Trump warns Hamas against peace deal delay
-
In-form Inter sweep past Cremonese to join Serie A leaders
-
Kolisi hopes Rugby Championship success makes South Africa 'walk tall' again
-
Ex-All Black Nonu rolls back the years again as Toulon cruise past Pau
-
Hundreds of thousands turn out at pro-Palestinian marches in Europe
-
Vollering powers to European women's road race title
-
Struggling McLaren hit bump in the road on Singapore streets
-
'We were treated like animals', deported Gaza flotilla activists say
-
Trump envoys head to Egypt as Hamas agrees to free Gaza hostages
-
Czech billionaire ex-PM's party tops parliamentary vote
-
Trump enovys head to Egypt as Hamas agrees to free hostages
-
Arsenal go top of Premier League as Man Utd ease pressure on Amorim
-
Thousands attend banned Pride march in Hungarian city Pecs
-
Consent gives Morris and Prescott another memorable Arc weekend
-
Georgian police fire tear gas as protesters try to enter presidential palace
-
Vollering powers to European road race title
-
Reinach and Marx star as Springboks beat Argentina to retain Rugby Championship
-
Russell celebrates 'amazing' Singapore pole as McLarens struggle
-
Czech billionaire ex-PM's party leads in parliamentary vote
-
South Africa edge Argentina to retain Rugby Championship
-
'Everyone's older brother': Slipper bows out in Wallabies loss
-
Thousands rally in Georgia election-day protest
-
Sinner starts Shanghai defence in style as Zverev defies toe trouble
-
Russell takes pole position for Singapore Grand Prix as McLaren struggle
-
Robertson praises All Blacks 'grit' in Australia win
-
Government, protesters reach deal to end unrest in Pakistan's Kashmir
-
Kudus fires Spurs into second with win at Leeds
-
Rival rallies in Madagascar after deadly Gen Z protests
-
Egypt opens one of Valley of the Kings' largest tombs to public
-
Ethiopia hits back at 'false' Egyptian claims over mega-dam
-
Sinner breezes past Altmaier to launch Shanghai title defence
-
Czech ex-PM set to win vote, putting Ukraine aid in doubt
NYSE - LSE
Beijing Olympics organisers say app security flaws 'fixed'
An app that Winter Olympics attendees must use has been patched, a Chinese official told AFP Thursday, after cyber security researchers said they had found a "simple but devastating" flaw that could allow data leaks.
Next month's Games are being held in a bubble that separates participants from the rest of the population as part of China's strict zero-Covid policy.
Those taking part -- from foreign athletes, delegates and media to the army of local volunteers and officials -- have to download a health-tracking app called MY2022.
Users report their health status daily through the app which collects data including vaccination status and coronavirus test results, as well as travel and passport details.
Earlier this week researchers at the University of Toronto's Citizen Lab said they discovered the app's security flaws could allow data including health information and voice messages to leak, which could then be read by "eavesdroppers" such as Wi-Fi hotspot operators.
But a senior Chinese Olympic official said any bugs had now been fixed.
"There is definitely no data leakage," Beijing Olympics Organising Committee (BOCOG) tech chief Yu Hong told AFP, adding that the app's user and privacy guidelines were reviewed by the International Olympic Committee.
"The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version."
The app's developers have been in email contact with Citizen Lab since Wednesday, Yu added, promising that there will be "relevant discussions" on follow-up work.
Yu did not deny there may have been security flaws in previous versions of the app and she suggested that BOCOG had not been aware of them.
"During development we have continued to test and use it. When new usage conditions appear some new technological imperfections may be discovered, these can be called loopholes," she said.
- Data laws -
Citizen Lab earlier said it had notified organisers about the issues in early December but received no reply.
However, Yu said organisers never saw the request because it was sent to an old email address.
China's data security laws require that health and medical data be encrypted during transmission and storage.
The Citizen Lab report claimed that the app's inadequate encryption could violate Chinese law, as well as Google and Apple mobile software policies.
"China has a history of undermining encryption technology to perform political censorship and surveillance," researcher Jeffrey Knockel wrote in the report.
Researchers also discovered the app's Android code contained an apparently inactive blacklist of over 2,400 "politically sensitive" phrases, and that it had a separate function to report other users' speech for "politically sensitive content".
But organisers denied ever requesting these functions, and said they have asked the developer to look into it.
They added that app health data would primarily be shared with virus control authorities, after the report claimed this was unclear.
"Use of data by individuals and departments is only permitted after the IOC confirms it," Yu said.
China maintains the world's most sophisticated digital tools to monitor and censor the internet for its citizens, blocking major Western platforms such as Twitter, Facebook and YouTube.
In recent days, Olympic associations in multiple Western countries have warned athletes to leave personal devices at home and bring "burner" phones to China.
Analysts have also warned of cybersecurity risks such as data theft and surveillance targeting attendees using public Wi-Fi networks and official SIM cards provided by organisers.
However, organisers and the Chinese government have dismissed such concerns as unfounded.
"The government will not monitor individuals' phones in any form," Yu said.
The app also provides a range of daily living services for users, such as translation, weather, transport schedules and accommodation booking.
P.M.Smith--AMWN