Security Flaws Seen In China's Mandatory Olympics App For Athletes (nytimes.com) 29
schwit1 writes: The mandatory smartphone app that athletes will use to report health and travel data when they are in China for the Olympics next month has serious encryption flaws, according to a new report, raising security questions about the systems that Beijing plans to use to track Covid-19 outbreaks.
Portions of the app that will transmit coronavirus test results, travel information and other personal data failed to verify the signature used in encrypted transfers, or didn't encrypt the data at all, according to the report by Citizen Lab, a University of Toronto cybersecurity watchdog. The group also found that the app includes a series of political terms marked for censorship in its code, though it does not appear to actively use the list to filter communications.
And Olympic Athletes will be punished if they engage In Wrong Speak.
Mandatory Apps (Score:3, Insightful)
Isn't it pretty much inevitable that any Mandatory App is going to be mostly downsides and low on the upsides? They pretty much have to suck; that's the whole reason they're made mandatory. If they were useful, you wouldn't have to make people use it.
Re: (Score:3)
Re: (Score:1)
Or talk to No Such Agency. I mean.. They all do it..
Re: (Score:1)
Don't do it... (Score:1)
If I were an athlete, I think I'd skip this Olympics. China is just way too shady. Do you want to end up like John Cena [youtube.com]? Or worse, since you'll be on Chinese soil, they could do anything to you [visiontimes.com] when you really think about it...
Re: (Score:1, Troll)
That doesn't make sense. The app sends the data to the Chinese government so it can manage COVID testing. The flaws allow OTHER governments to access the data.
I think we can chalk this one up to incompetence. The inclusion of a list of banned words is probably because whoever wrote it imported some massive code libraries that include a censorship function among many others, suggesting that they didn't really know what they were doing.
Re: (Score:2)
Re: (Score:2)
Yes, there are trolls abusing the moderation system.
Re: (Score:2)
Censorship lists are an indicator censorship is pervasive, and censorship & reporting is probably in every communication library function. This is just one pebble in a mountain of evidence of that.
Boycott the games - it's not safe for athletes (Score:1)
Athletes should just not go -- it's unsafe - they will have no freedom at all in China, and will be subject to their capricious laws.
I won't step foot in China ever again.
Re: (Score:2)
Agreed, there are a whole 'host' of reasons the Olympic games should never have been or should be played in China, among others.
Re: (Score:2)
And to cap it off, athletes should just shun the Olympics altogether, it has a shitty history, it shouldn't have been in Nazi Germany and it shouldn't be in China now. At the end of the day, the Olympics is just one huge advertising frenzy, it's absurdly pro-corporate and doesn't care how bad a regime is that wants to host the Olympics. The Olympics isn't about sport, it's about money and products.
Is it a flaw if it's on purpose? (Score:3)
I'd have to be convinced security is a primary concern to call it a flaw vs a "just doesn't matter since we're getting the info anyway" mentality.
Re: (Score:3)
Let's hope it gets totally hacked (Score:2)
100% Covid positive would probably cause enough confusion to result in some very red faces. Unfortunately it might also result in the execution of a few of the programmers who failed to encrypt it properly. Nice people, Chinese Communists.
Black power salute (Score:3)
I wonder if any olympian would have the courage to do something like the 1968 Olympics Black Power salute [wikipedia.org] but aimed at Chinese human rights abuses? The reaction of the CCP would be interesting: this is a high profile event, would they black out the TV; the olympian would be high profile - how would they sanction him?
Re: (Score:2)
It's going to be an interesting year for sport. As well as the Winter Olympics, we have the Qatar 2022 World Cup (football). In Qatar a lot of stuff is banned, including homosexuality (for men). You can bet there will be protests.
Re: (Score:2)
I understand they ran up quite a body count building the facilities, too. Qatar is not, apparently, a great place to be a "guest worker".
Re:Black power salute (Score:4, Insightful)
I doubt even one second of the Olympic Games will be broadcast without a time delay in China, so it would be relatively simple to have a little "oopsie" during a given part of an event or medal ceremony. Through the International Olympic Committee, participating countries have already agreed that political messages of any kind are forbidden on clothing and equipment. I don't doubt most would go the extra mile to self-censor in order to stay on China's good side. Look at how Apple, Google, Facebook and a bunch of other major corporations have licked the Chinese government's boots in return for access to their market.
Most Chinese people are unaware that anything unusual ever happened in Tienanmen Square. Creating a new reality for the Olympics will be easy-peasy inside the country, and probably not all that difficult outside it.
Re: (Score:2)
It would almost certainly get blacked out in China, while being totally visible elsewhere (since the blackout would look obviously bad). Future coverage will likely have it edited out, or consist 100% of this, depending on who is editing the documentary.
Re: (Score:2)
In fact Remember the Tienanmen Square massacre might be a nice team jersey slogan.
Re: Black power salute (Score:2)
Intolerable that others want to punish Wrong Speak (Score:4, Insightful)
China wants to punish Wrong Speak. This is wrong. ONLY we should be able to punish Wrong Speak, such as claiming there are "only two genders": https://nypost.com/2021/11/15/... [nypost.com]
We shall have the power. We shall define the Wrong Speak. We shall punish. US.
China shall not have the power. China shall not define the Wrong Speak. China shall not punish. NOT them.
We decide what speech shall be punished, and we'll do the punishment. If anyone else thinks they can, we'll wage a society-wide hybrid war against them until they agree that ONLY us shall have that power.
Re: Intolerable that others want to punish Wrong S (Score:2)
I oddly like you...
Nothing New Here (Score:3)
Most of the censorship is for Chinese languages (Score:3)
Kind of like their news coverage, actually
Filter? No. But ... (Score:2)
The group also found that the app includes a series of political terms marked for censorship in its code, though it does not appear to actively use the list to filter communications.
Filter? No. But report the phone/user to China's security services? Probably.
Is it in the App Store? (Score:2)