Home

Researchers say Games app can be hacked

AAPReuters
Researchers have raised concerns about an Olympics phone app that will share COVID-19 information
Camera IconResearchers have raised concerns about an Olympics phone app that will share COVID-19 information Credit: AP

A smartphone app built by China to monitor users' health at the Beijing Winter Olympics next month contains security flaws, according to a Canadian report.

The MY2022 app was built by the Beijing Organising Committee mainly to track and share COVID-19-related medical information among athletes during the Games.

Researchers with Toronto's Citizen Lab project said MY2022 failed to properly encrypt the transfer of personal data, leaving it vulnerable to hackers.

They also found that MY2022's privacy policy does not specify which organisations would share the users' information.

Get in front of tomorrow's news for FREE

Journalism for the curious Australian across politics, business, culture and opinion.

READ NOW

The International Olympic Committee (IOC) said it had conducted independent assessments on the application and had not found any "critical vulnerabilities".

"It is not compulsory to install 'My 2022' on cell phones," the IOC said in a statement.

The Game AFL 2024

Yu Hong, the director general of the committee's technology department, said on Wednesday that the main function of the app is to monitor people's health and the country follows strict rules to protect data.

All of the MY2022 app's technology aspects have been validated by relevant app stores, the Beijing 2022 official said.

Yu added that technology vulnerabilities were natural when developing this kind of app, which her department was constantly updating.

The Citizen Lab researchers said they found the flaws in the iOS version of the app after creating an account in it. They were unable to set up an account in the Android version but said the security flaws existed in both versions of MY2022.

The report said MY2022 failed to validate SSL certificates, which are needed to authenticate a website's identity and enable encrypted connection. This can be exploited by hackers to transmit the data to malicious sites.

Citizen Lab said it had informed the Beijing Winter Olympics Organising Committee on December 3 of its security concerns, but had not received any response.

The Olympics are set to begin on February 4.

Get the latest news from thewest.com.au in your inbox.

Sign up for our emails