www.itpro.co.uk
143.204.98.129  Public Scan

Submitted URL: https://dennis.slgnt.eu/optiext/optiextension.dll?ID=04q0D61UrVQols65qdH962854AzZsreFGboLcXH4uA79DcbC37CjFp5q00rYfP9BHQ2...
Effective URL: https://www.itpro.co.uk/security/362010/ioc-defends-olympics-app-devastating-flaw
Submission: On February 04 via api from CH — Scanned from DE

Form analysis 3 forms found in the DOM

POST /search

<form action="/search" role="search" method="post" class="polaris__form polaris__search--form"><label for="polaris__search--input" class="polaris__label"></label><input type="search" name="search" value="" id="polaris__search--input"
    placeholder="What are you looking for" class="polaris__input polaris__input--search" title="" aria-label=""><button type="submit" class="polaris__button -primary" disabled="" aria-label="Search" title="Search"></button></form>

POST https://dennis.slgnt.eu/optiext/optiextension.dll?ID=MofMeN7jyuGShLcNaQZjt2R0PrNwdl85y9epNKwQKD67qFo2wdgsw249hZyuiJDnRzk5WqgEIoBCgWhEqf&BRANDS_NEWSLETTERIDS=CHP_STD,CLP_STD,ITP_USA,ITP_T20,ITP_TBB&NEWSLETTER_ID=ITP_STD&SUBSCRIBE_SOURCE=web0003itp&BRAND_CODE=ITP

<form
  action="https://dennis.slgnt.eu/optiext/optiextension.dll?ID=MofMeN7jyuGShLcNaQZjt2R0PrNwdl85y9epNKwQKD67qFo2wdgsw249hZyuiJDnRzk5WqgEIoBCgWhEqf&amp;BRANDS_NEWSLETTERIDS=CHP_STD,CLP_STD,ITP_USA,ITP_T20,ITP_TBB&amp;NEWSLETTER_ID=ITP_STD&amp;SUBSCRIBE_SOURCE=web0003itp&amp;BRAND_CODE=ITP"
  target="signup-frame" role="" method="post" class="polaris__form">
  <div class="polaris__newsletter--form">
    <div class="polaris__newsletter--headings">
      <h3 class="polaris__heading polaris__newsletter--title">Get the IT Pro newsletter</h3>
      <h4 class="polaris__heading polaris__newsletter--subtitle">Get the free daily newsletter from IT Pro, delivering the latest news, reviews, insights and case studies</h4>
    </div>
    <div class="polaris__newsletter--button-group"><label for="polaris__newsletter--input" class="polaris__label"></label><input type="email" name="mail" id="polaris__newsletter--input" placeholder="Your email address"
        class="polaris__input polaris__input--email" title="Subscribe" aria-label="Subscribe" value=""><button type="submit" class="polaris__button -primary" aria-label="Subscribe" title="Subscribe">Sign up</button></div>
  </div>
</form>

POST https://dennis.slgnt.eu/optiext/optiextension.dll?ID=MofMeN7jyuGShLcNaQZjt2R0PrNwdl85y9epNKwQKD67qFo2wdgsw249hZyuiJDnRzk5WqgEIoBCgWhEqf&BRANDS_NEWSLETTERIDS=CHP_STD,CLP_STD,ITP_USA,ITP_T20,ITP_TBB&NEWSLETTER_ID=ITP_STD&SUBSCRIBE_SOURCE=web0003itp&BRAND_CODE=ITP

<form
  action="https://dennis.slgnt.eu/optiext/optiextension.dll?ID=MofMeN7jyuGShLcNaQZjt2R0PrNwdl85y9epNKwQKD67qFo2wdgsw249hZyuiJDnRzk5WqgEIoBCgWhEqf&amp;BRANDS_NEWSLETTERIDS=CHP_STD,CLP_STD,ITP_USA,ITP_T20,ITP_TBB&amp;NEWSLETTER_ID=ITP_STD&amp;SUBSCRIBE_SOURCE=web0003itp&amp;BRAND_CODE=ITP"
  target="signup-frame" role="" method="post" class="polaris__form">
  <div class="polaris__newsletter--form">
    <div class="polaris__newsletter--headings">
      <h3 class="polaris__heading polaris__newsletter--title">Get the IT Pro newsletter</h3>
      <h4 class="polaris__heading polaris__newsletter--subtitle">Get the free daily newsletter from IT Pro, delivering the latest news, reviews, insights and case studies</h4>
    </div>
    <div class="polaris__newsletter--button-group"><label for="polaris__newsletter--input" class="polaris__label"></label><input type="email" name="mail" value="" id="polaris__newsletter--input" placeholder="Your email address"
        class="polaris__input polaris__input--email" title="Subscribe" aria-label="Subscribe"><button type="submit" class="polaris__button -primary" aria-label="Subscribe" title="Subscribe">Sign up</button></div>
  </div>
</form>

Text Content

IOC DEFENDS CHINA OLYMPICS APP AFTER 'DEVASTATING FLAW' REVEALED


THE APP MAY EVEN BE BREAKING GOOGLE AND APPLE’S APP STORE POLICIES WHEN IT COMES
TO PRIVACY, ACCORDING TO CITIZEN LAB

by: Zach Marzouk
19 Jan 2022

The International Olympic Committee (IOC) has defended China’s MY2022 app for
the Olympic Games in Beijing after researchers found it contained a
"devastating" encryption flaw.

Due to the pandemic, China has decided to implement a “closed-loop” management
system and daily testing. All international and domestic attendees are mandated
to download MY2022 14 days prior to their departure for China and to start
monitoring and submitting their health status to the app on a daily basis.

However, the flaw allows encryption protecting users’ voice audio and file
transfer to be trivially sidestepped, according to new research from Citizen
Lab. The app fails to validate SSL certificates, allowing an attacker to spoof
trusted servers by interfering with the communication between the app and
servers. This means it can be deceived into connecting to a malicious host,
allowing information it transmits to be intercepted and enabling the app to
display spoofed content that appears to originate from trusted servers.




The researchers also found that some sensitive data is transmitted without any
SSL encryption or any security at all. The app transmits unencrypted data to
“tmail.beijing2022.cn” on port 8099, which contains sensitive metadata relating to
messages, such as the names of messages’ senders and receivers, and their user
account identifiers. This data can be read by any passive eavesdropper, such as
someone operating an unsecured WiFi access point or an Internet Service
Provider.




The report said the app collects a range of highly sensitive medical information
and it is unclear with whom or which organisations it shares this information.
It also contains features that allow users to report politically sensitive
content, and contains a censorship keyword list which is presently inactive. The
keywords target political topics such as Xinjiang and Tibet as well as references
to Chinese government agencies.

Citizen Lab stated that the app’s security deficits may not only violate
Google’s Unwanted Software Policy and Apple’s App Store guidelines but also
China’s own laws and national standards pertaining to privacy protection,
providing potential avenues for future redress.



The IOC told IT Pro that the user is in control over what the app can access on
their device, as the settings can be changed to configure access to specific
features like Files and Media, Camera, Contacts, Microphone, and more.

“The app has received approval of the Google Play store (Android/HarmonyOS) and
the App Store (iOS) too and is available for download,” said the spokesperson.
“It is not compulsory to install 'My 2022' on cell phones, as accredited
personnel can log on to the health monitoring system on the web page instead.”

The IOC added that it has conducted independent third-party assessments on the
application from two cyber security testing organisations, with the reports
confirming that there are no critical vulnerabilities. It said that many of the
app’s features are used by the local Beijing 2022 workforce for time-keeping,
task management, and instant messaging, as the app is not only for international
users.

The IOC has requested the report from Citizen Lab to understand its concerns
better. IT Pro has contacted Google and Apple for comment.



ITPro is part of Future plc, an international media group and leading digital
publisher. Visit our corporate site www.futurenet.com
© Future Publishing Limited, Quay House, The Ambury, Bath BA1 1UA. All rights
reserved. England and Wales company registration number 2008885

