Athletes, coaches and reporters traveling to China for the Winter Olympics could be hacked and at risk of digital surveillance and data theft.
The smartphone application "My2022" has major security gaps, as the renowned Citizen Lab of the University of Toronto announced on Tuesday after an investigation.
Every athlete and other travelers traveling to China because of the Winter Games beginning on February 4th must download the app in order to digitally prove that they are protected from Covid-19.
Christopher Becker
sports editor.
Follow I follow
According to the Canadian researchers, the encryption of user voices and data transfer is inadequate.
The vulnerability is "simple but destructive".
The organizing committee responsible for the app in China did not respond to such information.
The app also contains a text file that, if activated, could censor certain text content, for example with reference to Tibet or the Uyghurs in Xinjiang.
According to the Canadian researchers, the app could violate the guidelines of the Google and Apple app stores, but also the Chinese data protection guidelines.
Citizen Lab researchers say they alerted the Chinese organizers to the massive vulnerabilities in early December and, as is customary in such cases, gave them 45 days to fix them before publishing their findings.
The Citizen Lab researchers noted that it is unclear whether the vulnerability was intentionally placed to enable surveillance or whether it is a form of vulnerability common in Chinese apps that is due to negligence without the direct influence of the authorities.
Various national Olympic committees have in recent days advised their athletes or, in the Netherlands, instructed them to leave their private phones at home. The German Olympic Sports Confederation, which, together with the Federal Office for Information Security, informed its Olympic team on Wednesday about questions relating to digital security relating to the Games, has so far recommended that athletes use the app, into which data is imported 14 days before departure for China need to load onto the private cell phone.
In China, however, this should only be used in flight mode, i.e. offline. There, the German athletes should be able to access the cell phone provided by the Olympic sponsor Samsung via the International Olympic Committee (IOC). Whether the German athletes keep this after the games is up to them. The report on the security gaps should be considered when considering whether the Olympic participants want to pay the customs fees due for the device after their return.
The "My2022" app, which the Chinese Olympic organizers claimed before the Citizen Lab report was published on Tuesday, according to the German Press Agency, offers information about the Olympic Games. Above all, however, Olympic travelers should document their body temperature and well-being there every day, as well as the results of the mandatory PCR tests before departure and proof of any Covid vaccinations.
Maximilian Klein, responsible for international sports policy at Athleten Deutschland eV, told the FAZ that the analysis shows what “has been known for months: that there are serious security concerns in the context of these games, regardless of the background to the gap in encryption .
In this respect, a nightmare comes true.” China has “perfected its surveillance apparatus, makes critics disappear and commits blatant human rights violations.
Accordingly, the IOC would have to be prepared for all scenarios”.
The Citizen Lab report reveals that the Olympic organizers are insufficiently fulfilling their duty of care.
"It is inexplicable and irresponsible that the IOC obliges participants to use an app with blatant security gaps."