The Beijing 2022 Winter Olympics are just around the corner and an acceptable influx of tourists, athletes and government representatives is expected, something that could be an advantage for cybercriminal groups.
According to a report, all athletes participating in the event must comply with Chinese health measures and register with the “My 2022” mobile app; however, the app reportedly lacks adequate security measures, leaving athletes, journalists and government officials vulnerable to data theft and other hacking variants.
Like the Tokyo 2020 Summer Olympics, this sporting event will take place in the midst of the COVID-19 pandemic, so it is necessary to monitor the athletes and other people involved in the event. To do this, the Chinese government created the “My 2022” platform, which consists of a mobile app and a website, to keep a detailed record of any cases of infection in order to prevent a massive outbreak.
A digital forensics firm recently discovered that the app features a list of keywords to leak. The platform combines contact tracing with other services that regulate access to events and act as a visitor guide with information on sports venues and tourist services, and it also offers chat, news and file transfer functions.
A group of experts examined the app and found it vulnerable to electronic theft. The app does not validate SSL certificates, which means it has serious encryption flaws. As a result, the app could be “tricked” into connecting with a malicious host, allowing that host to intercept information or even send infected data to the app.
Errors involve not only health data, but other important application services as well. This includes the service that processes all attachments, as well as the transfer of voice notes. The report also revealed that, in some services, the platform’s data traffic is not encrypted at all, leaving thousands of records exposed to hackers.
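The two flaw classes described above (TLS used without certificate validation, and services with no encryption at all) can be checked for in a client's transport configuration. The following is an added example, not code from the app or from the report; the function names and the example.invalid URLs are hypothetical and constructed for illustration.

```python
import ssl
from urllib.parse import urlsplit


def audit_endpoint(url, ctx):
    """Return a list of transport findings for one endpoint (empty = OK)."""
    if urlsplit(url).scheme != "https":
        # No TLS at all: traffic can be read and modified in transit.
        return ["plaintext transport"]
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Any certificate, including a self-signed one, is accepted.
        findings.append("certificate chain not verified")
    if not ctx.check_hostname:
        # A certificate issued for a different host is accepted.
        findings.append("hostname not checked against certificate")
    return findings


def insecure_context():
    """Weak setting: a client context that accepts any certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # has to be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context():
    """Corrected setting: system trust store, hostname check, TLS 1.2+."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_all(endpoints):
    """Audit a {name: (url, context)} mapping and return {name: findings}."""
    return {name: audit_endpoint(url, ctx)
            for name, (url, ctx) in endpoints.items()}


if __name__ == "__main__":
    # Constructed sample configuration (hypothetical service names and URLs).
    sample = {
        "health-form": ("https://health.example.invalid/api", insecure_context()),
        "news-feed": ("http://news.example.invalid/feed", hardened_context()),
        "file-upload": ("https://files.example.invalid/up", hardened_context()),
    }
    for name, findings in audit_all(sample).items():
        print(name, "->", findings or "ok")
```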
The revelations come at a time when international concern about digital security at these Olympics is growing; Germany, Australia, the United Kingdom and the United States have urged their athletes and officials to leave their personal devices at home for fear of cyber spying campaigns.
Although the security problems were reported to the organizing committee, neither this entity nor the Chinese government has mentioned anything about it.