chinas olympics app for athletes has security flaws study says

China’s Olympics App for Athletes Has Security Flaws, Study Says

15Olympics app 01 facebookJumbo

In preparation for the 2021 Tokyo Olympics, Japan worked to develop a contact tracing app that would track foreign visitors, but concerns quickly mounted over bugs in the software and whether all visitors would own smartphones on which to install the app.

The Citizen Lab report said MY2022 failed to confirm a unique encryption signature with the server where it was transferring data. In effect, that meant hackers could intercept the data without Chinese officials necessarily knowing. Other parts of the app, like its built-in messaging service, failed to encrypt metadata, making it easy for owners of wireless networks or telecoms to detect which phone was messaging another and at what time.

“All the information you are transmitting can be intercepted, particularly if you are on an untrusted network like a coffee shop or hotel Wi-Fi service,” said Jeffrey Knockel, a research associate with Citizen Lab and one of the authors of the report. Sensitive information lifted in this way could be used for identity theft, Dr. Knockel added.

It’s not clear whether the security flaws were intentional or not, but the report speculated that proper encryption might interfere with some of China’s ubiquitous online surveillance tools, especially systems that allow local authorities to snoop on phones using public wireless networks or internet cafes. Still, the researchers added that the flaws were probably unintentional, because the government will already be receiving data from the app, so there wouldn’t be a need to intercept the data as it was being transferred.

“In using the app, you are already sending data directly to the Chinese government,” Dr. Knockel said.

The app also included a list of 2,422 political keywords, described within the code as “illegalwords.txt,” that worked as a keyword censorship list, according to Citizen Lab. The researchers said the list appeared to be a latent function that the app’s chat and file transfer function was not actively using.

Lists of censored words are common in Chinese social media apps, and work as a first line of defense in a multitiered censorship system designed to prevent the spread of unwelcome political topics.