A health-monitoring app for Olympic attendees reportedly has glaring security issues | Engadget

claiming that an app many attendees are using has major security issues. The Citizen Lab, a research facility based at the University of Toronto's Munk School of Global Affairs and Public Policy, said a"simple but devastating flaw" made it easy to bypass encryption systems that are supposed to protect voice audio and file transfers.

"The IOC has conducted independent third-party assessments on the application from two cyber-security testing organizations," the IOC told Engadget in a statement."These reports confirmed that there are no critical vulnerabilities." The IOC noted that instead of using the mobile app, attendees can access a web-based health monitoring system. It said it has requested the researchers' report"to understand their concerns better.

Along with determining that the app doesn't encrypt some data transmissions, the team found that the app fails to validate some SSL certificates. In such cases, the app can't"validate to whom it is sending sensitive, encrypted data." Although they were only able to create an account on the iOS app, the researchers believe the vulnerabilities exist on the Android version of MY2022 as well.

An updated iOS version of the app that was released on Sunday didn't solve the problems. According to the researchers, the developers added a feature called “Green Health Code” that asks for more travel and medical history details, which are also vulnerable to the SSL certification issue.

United States Latest News, United States Headlines

Similar News:You can also read news stories similar to this one that we have collected from other news sources.

The UK Government is reportedly preparing a PR blitz against end-to-end encryption | EngadgetThe UK Home Office is reportedly planning ads to mobilize public opinion against end-to-end encryption using what critics called 'scaremongering' tactics.. Half a mill to argue against something for the common good? Wow 😂. So that means end to end encryption is a good thing then.
Source: engadget - 🏆 276. / 63 Read more »

AVAX, Matic and Wrapped BNB and Ethereum Have Critical Vulnerability on Multichain, 450 ETH StolenCritical vulnerability on MultichainOrg affects six tokens, including $AVAX and $MATIC. Reportedly $1.4 million worth of users' funds stolen
Source: Utoday_en - 🏆 295. / 63 Read more »

Brazil is in water crisis — it needs a drought planTo avoid crop failures and soaring power costs, Brazil needs to diversify sources, monitor soil moisture, model local hydroclimate dynamics and treat water as a national security priority.
Source: Nature - 🏆 64. / 68 Read more »

Brazil is in water crisis — it needs a drought planTo avoid crop failures and soaring power costs, Brazil needs to diversify sources, monitor soil moisture, model local hydroclimate dynamics and treat water as a national security priority. it needs a hell of a lot more than that. Deixa de propagar mentiras! 50% das hidroelétricas abriram as comportas por excesso de água. A realidade que derruba a escuridão das mentiras.
Source: Nature - 🏆 64. / 68 Read more »

Brazil is in water crisis — it needs a drought planTo avoid crop failures and soaring power costs, Brazil needs to diversify sources, monitor soil moisture, model local hydroclimate dynamics and treat water as a national security priority. And California says: 'join the club.' Um the largest river in the world runs through Brazil, am I missing some important information here? Should leave the trees up 🌳🌳🌳🌳🌳🌳🌳🌳
Source: Nature - 🏆 64. / 68 Read more »

Elon Musk claims accounts tracking his travel plans ‘becoming a security issue’Musk addressed the situation in response to a tweet from Sawyer Merritt, a self-identified Tesla investor who had apologized for sharing a post claiming Musk planned to travel to Berlin, Germany.
Source: nypost - 🏆 91. / 67 Read more »