Fears for the cybersecurity of athletes at the Beijing Winter Olympics are growing. The United States and several other Western countries are calling on their athletes to be vigilant, even advising the use of disposable phones.
From February 4 to February 20, the city of Beijing returns to the Olympic Games. After hosting the 2008 Summer Games, the Chinese capital is set to become the first city in the country’s history to also host the Winter Games. In addition to the Covid-19 pandemic which is disrupting the organization of the event, this return to China seems to be worrying many countries. The National Olympic Committees of several Western nations, including the United States, Great Britain, Canada or the Netherlands, fear spying on their athletes and call for caution.
Disposable phones for some, lockers for others
The Wall Street Journal reports that the United States has advised its athletes not to bring their usual phones or computers. Instead, they recommend opting for disposable devices to avoid security or surveillance risks. Similar opinions have been issued by the national Olympic committees of Canada, the Netherlands or the United Kingdom. According to The Guardian, the Dutch Olympic Committee has even chosen to provide laptops and telephones which will be destroyed when the athletes return.
In France, Le Parisien recently announced that tricolor athletes had “received vigilance instructions around their personal data”. In an opinion, the Olympic and Paralympic Committee of the United States ensures that it is necessary “assuming that every text message, email, online visit and app access can be monitored”. And to add: “Your device(s) may also be compromised by malware, which could negatively impact their future use”.
These concerns are far from new when it comes to discussing China. A feeling reinforced by the strong tensions between the United States and the country led by Xi Jinping, as evidenced by the Huawei affair. In recent days, the Canadian research laboratory Citizen Lab has also alerted to the existence of flaws in the application that participants must use. A specialist in cybersecurity issues, he believes that the mandatory My2022 app does not sufficiently protect personal data and has two major flaws.
Did China sabotage its app for surveillance purposes?
The first concerns SSL certificates which must guarantee the security of the connection and the protection of data. The My2022 application is unable to validate them, which constitutes a serious security breach with the possibility for hackers to access its data. The second flaw comes from the fact that certain information is transmitted without any encryption or security. They are therefore more vulnerable and likely to be misused.
“China is notorious for undermining encryption technologies in order to practice political censorship and surveillance”, says the author of the study, Jeffrey Knockel. He feels he “is reasonable to wonder if the encryption of the data of this application was not deliberately sabotaged for surveillance purposes or if it is the result of the negligence of the developers”.
In response to these fears, the organizing committee of the Games told AFP that these concerns “were not based on any evidence” and wants to be reassuring about the use of My2022. Same story on the side of the International Olympic Committee (IOC), which believes that two bodies specializing in cybersecurity had tested the application and had not detected any “crucial vulnerability”. This will not have been enough to convince many Western countries.