The article I read this week was from the New York Times, and it describes a mandatory app athletes must have while participating at this year’s Winter Olympics in China. The app, which is used to report health & travel data, has serious encryption vulnerabilities according to researchers. It was found that portions of the app used to transmit Covid results & travel information failed to verify the signature used in encrypted transfers, or didn’t encrypt data at all. The app, MY2022, was designed to keep athletes in China from the greater Chinese population in order to control Covid spread. Concerns with the app’s design underscore the broader worries of Censorship in China. When security flaws with the app were disclosed to Beijing, an update did not fix the issues, as they likely violated China’s personal data protection laws. Issues of nonexistent encryption have long been an issue for China’s tech industry, as they have the duty of protecting consumer data while also sharing it with government censorship programs. This is also not the first time a Covid-related application has suffered issues, either. They are often not secure or transparent, or they are rushed, which can lead to public distrust in health initiatives. Issues with MY2022 include hackers being able to intercept data, and it’s messaging service failing to encrypt metadata. The main concern is whether or not these flaws were intentional, because once again proper encryption may interfere with the Government being able to “snoop”.
The article I read this week was from the New York Times, and it describes a mandatory app athletes must have while participating at this year’s Winter Olympics in China. The app, which is used to report health & travel data, has serious encryption vulnerabilities according to researchers. It was found that portions of the app used to transmit Covid results & travel information failed to verify the signature used in encrypted transfers, or didn’t encrypt data at all. The app, MY2022, was designed to keep athletes in China from the greater Chinese population in order to control Covid spread. Concerns with the app’s design underscore the broader worries of Censorship in China. When security flaws with the app were disclosed to Beijing, an update did not fix the issues, as they likely violated China’s personal data protection laws. Issues of nonexistent encryption have long been an issue for China’s tech industry, as they have the duty of protecting consumer data while also sharing it with government censorship programs. This is also not the first time a Covid-related application has suffered issues, either. They are often not secure or transparent, or they are rushed, which can lead to public distrust in health initiatives. Issues with MY2022 include hackers being able to intercept data, and it’s messaging service failing to encrypt metadata. The main concern is whether or not these flaws were intentional, because once again proper encryption may interfere with the Government being able to “snoop”.
https://www.nytimes.com/2022/01/18/technology/china-olympics-app-security.html
-Alex Knoll