Researchers had previously announced that they had identified a “simple but devastating” flaw.
Chinese officials have announced that the Winter Olympics app, which is mandatory for use, has now had a recently identified security flaw patched.
Researchers stated that a “simple but devastating” flaw they’d found made certain data leaks possible.
The Beijing games, which will begin in just over a week, are being held within a bubble that keeps participants separate from the rest of the population. This strategy was established to comply with the country’s strict zero-COVID-19 policy. The participants in the games, including everyone from officials to local volunteers and from the media to delegates and foreign athletes, are required to download the MY2022 Winter Olympics app.
The application is a health tracker through which users provide a daily health status update. That application, which collects data that includes everything from COVID-19 test results to vaccination status, and passport and other details.
Researchers from the Citizen Lab at the University of Toronto recently spotted a flaw in the Winter Olympics app.
According to those Citizen Lab researchers, the security flaw made it possible for data such as health information or even voice messages to be leaked. From there, “eavesdroppers” such as WiFi hotspot operators would be able to access them.
However, according to DigitalJournal, citing an AFP report, a senior official from the Beijing games confirmed that the associated flaw had been patched.
“There is definitely no data leakage,” said Yu Hong, technology chief of the Beijing Olympics Organizing Committee (BOCOG), also stating that the application’s privacy and user guidelines had undergone review by the International Olympic Committee (IOC). “The security loopholes have already been fixed. If they existed in earlier versions, they have been fixed in the latest version.”
The developers behind the MY2022 Winter Olympics app have been communicating with Citizen Lab via email, added Yu, confirming that “relevant discussions” would continue based on the follow-up patch that is now in place. While she didn’t deny that there had been security flaws present before the patch was issued, she indicated that BOCOG had not known that they were there.