Security researchers spot flaws and surveillance in official Beijing Olympics app — Radio Free Asia

As the ruling Chinese Communist Party (CCP) prepares to host the 2022 Winter Olympics from Feb. 4, security researchers in Canada have uncovered ‘serious security flaws’ in a mandatory app for all participants.

The app, “MY2022”, is mandated to be used by all participants in the Beijing 2022 Olympics, and contains a “simple but devastating flaw” where encryption protecting users’ voice and file transfers may be trivially circumvented, the Toronto-based company Citizen Lab reported.

While the app is transparent about the types of data it collects from users in its public-facing materials, it doesn’t specify which organizations it will share sensitive medical data with.

Researchers have discovered serious flaws in the app that could easily make audio files, customs data, medical records and travel history vulnerable to hacking.

It also includes a feature that allows users to report “politically sensitive” content, including any mention of rights abuses in Xinjiang and Tibet.

More than 180 human rights groups have called on governments to boycott the Games over the past year, arguing their participation would legitimize a regime engaged in what the US has called genocide against the Uyghur people of Xinjiang.

The uncertain fate of tennis star Peng Shuai, who disappeared from the public eye after posting sexual abuse allegations against former Vice Premier Zhang Gaoli, only to reappear in photos, videos and interviews carefully scrutinized in pro-CCP media, has also cast a shadow over the event, with the Women’s Tennis Association suspending all tournaments on Chinese soil following the incident.

Citizen Lab has warned that any online platform operating in China is legally required to monitor content released on its platforms or face penalties, and the My2022 app will be no exception.

In addition to functioning as a social media platform, the My2022 app can also be used to submit required health customs information for people visiting China from abroad, which includes submitting passport details, demographic information, and medical and travel history, he said.

According to report author Jeffrey Knockel, the app transmits data in a “highly insecure” manner, and personal information can easily be intercepted or diverted to untrusted hosts, with users powerless to prevent it.

Kyle Matthews, executive director of the Genocide and Human Rights Institute in Montreal, said the results show that anyone participating in the Beijing Olympics will be subject to surveillance by Chinese authorities.

The Olympic logo is pictured painted on a factory chimney near the Olympic Freestyle Ski and Snowboard Complex outside Beijing on January 13, 2022. Credit: AFP

‘Olympic Blue’

Meanwhile, the CCP is mobilizing huge swathes of industry to shut down ahead of the Games, in a bid to secure dazzling skies over Beijing, known satirically online as “Olympic Blue”.

In the northern industrial city of Tangshan, factories for cement, steel and other heavy industries have been ordered to close, with similar notices issued to polluters in Beijing, Tianjin and Hebei.

Chen Gang, deputy director of the East Asian Institute at the University of Singapore, said similar orders had preceded most major events in China in recent years, including the Asia-Pacific Economic Cooperation (APEC) forum.

“But because it’s done as a political campaign, the institutional and root causes of pollution aren’t addressed,” Chen said. “The air quality after the event generally returns to what it was before the event, or even increases.”

He said some of the pollution is being moved to other parts of China.

“To ensure good air quality in Beijing, they relocate some factories to other provinces, but the pollution source still exists elsewhere in China,” Chen said. “It’s just a geographical displacement: it does not eliminate pollution.”

Translated and edited by Luisetta Mudie.

Jennifer C. Burleigh