Canada's University of Toronto-based cybersecurity watchdog Citizen Lab has detailed encryption flaws in the mandatory smartphone application China created for Winter Olympics athletes.
Portions of the MY2022 app that will transmit coronavirus test results, travel information, and other personal data did not confirm the signature used in encrypted transfers, or failed to encrypt metadata.
The Citizen Lab researchers suspect the flaws are unintentional, since the government will already be receiving data from the app, making in-transit data interception unnecessary.
The Beijing Organizing Committee reportedly has not responded to Citizen Lab's disclosure of the flaws, and a January update has not resolved the issues.
From The New York Times
View Full Article - May Require Paid Subscription