The My2022 app, which Beijing Olympics participants are required to use to submit health data, has been found to have some critical security vulnerabilities. Traffic to and from the app in which things like passport data and medical details are shared can be intercepted as a result.
Researchers from the University of Toronto have discovered this, Canadian news channel CBC reports.
The Citizen Lab discovered that the so-called SSL certificates in the app are not validated. That is the encryption used for security so that unauthorized persons cannot access information while it is being sent.
In addition, encryption of speech audio and file transfers can be bypassed. It also appears that server responses can be counterfeited, allowing hackers to send falsified instructions to users of My2022. Finally, sensitive keywords such as ‘Tibet’ and ‘Xinjiang’, referring to the situation of the Uyghurs, can be detected on the app.