image credit: pexels
The mobile app that all attendees and athletes of the upcoming Beijing Winter Olympics must use to manage communications and documentation at the event has a “devastating” flaw in the way it encrypts data that can allow for man-in-the-middle attacks that access sensitive user information, researchers have found.
MY2022 is an app mandated for use by all attendees – including members of the press and athletes – of the 2022 Olympic Games in Beijing. The problem is, it poses a significant security risk because the encryption used to protect users’ voice audio and file transfers “can be trivially sidestepped” due to two vulnerabilities in how it handles data transport, according to a blog post from Citizen Lab posted online Tuesday.
