IOC Reacts to Cybersecurity Concern Over Beijing My 2022 Phone App

IOC Reacts to Cybersecurity Concern Over Beijing My 2022 Phone App
Photo Credit: AP / TPG Images

What you need to know

A report revealed flaws in the Beijing 2022 Winter Olympics app, but the International Olympic Committee said it had been found to have “no critical vulnerabilities.”

By Kyle McKinnon

The IOC tells DW that China’s My 2022 smartphone app, meant for use by all athletes at the upcoming Beijing Winter Games, has been independently assessed by two cybersecurity testing organizations and found to have “no critical vulnerabilities.”

The International Olympic Committee’s statement followed DW’s exclusive story detailing cybersecurity flaws in the My 2022 app. The IOC told DW in an email response that it has requested the just-released report by the University of Toronto’s Citizen Lab detailing vulnerabilities to hacking, including some cyber safety measures that Citizen Lab says can be “trivially sidestepped.”

“The ‘My2022’ application is an important tool in the tool box of the Covid-19 countermeasures,” the IOC statement read. “The ‘My2022’ app supports the function for health monitoring.”

Citizen Lab maintains that it is the My 2022 app’s forms for transmitting a user’s health condition and medical history, plus his or her passport and travel data, as well as demographic information, that are among the app’s vulnerabilities to hackers.

Beyond that, Citizen Lab reports that server responses can be “spoofed,” allowing hackers to display fake instructions to users of the app.

Configurations and concerns

The IOC says the app can be configured by the user to disable access to features such as “files and media, calendar, camera, contacts,” as well as a user’s location, their phone, and their phone’s microphone. Whether most Olympic participants will take the time to configure the app to limit its uses, and potential vulnerabilities per the Citizen Lab, is a question for future study.

Some countries, including Germany, the Netherlands, and the United States have already warned athletes not to use, or even bring, personal phones, tablets, or laptops because of cybersecurity and surveillance concerns.

The IOC stated, “The user is in control over what the ’My 2022’ app can access on their device. They can change the settings already while installing the app or at any point afterwards.” It also says the app has received approval from the Google Play store for Android phones and the App Store for Apple phones.

‘Not compulsory’

Though Citizen Lab’s report stated that the app is “mandated,” the IOC says “it is not compulsory to install ‘My 2022’ on cell phones, as accredited personnel can log on to the health monitoring system on the web page instead.”

The IOC says the app is also being used by the “local Beijing 2022 workforce for time-keeping, task management, and instant messaging, hence the app is not only for international users.”

It adds, “We have requested the report of Citizen Labs to understand their concerns better.”

The German Olympic Sports Confederation responded with a statement saying it would not comment on reports regarding data security but would “cooperate with the German Federal Institute of Information Security (BSI).”

“Our athletes are being equipped with a smartphone from IOC partner Samsung in Beijing,” the statement read. “BSI recommends using My 2022 on these devices in China and deinstalling it at home. Without My 2022 there is no immigration into China according to the Beijing playbooks.”

This article was originally published on Deutsche Welle. Read the original article here.

READ NEXT: Taiwan’s GDP per Capita May Surpass Japan’s and South Korea’s—But Don’t Start Celebrating Yet.

TNL Editor: Bryan Chou (@thenewslensintl)

If you enjoyed this article and want to receive more story updates in your news feed, please be sure to follow our Facebook.