A health-monitoring app for Olympic attendees reportedly has glaring security issues
claiming that an app many attendees are using has major security issues. The Citizen Lab, a research facility based at the University of Toronto's Munk School of Global Affairs and Public Policy, said a"simple but devastating flaw" made it easy to bypass encryption systems that are supposed to protect voice audio and file transfers.
"The IOC has conducted independent third-party assessments on the application from two cyber-security testing organizations," the IOC told Engadget in a statement."These reports confirmed that there are no critical vulnerabilities." The IOC noted that instead of using the mobile app, attendees can access a web-based health monitoring system. It said it has requested the researchers' report"to understand their concerns better.
Along with determining that the app doesn't encrypt some data transmissions, the team found that the app fails to validate some SSL certificates. In such cases, the app can't"validate to whom it is sending sensitive, encrypted data." Although they were only able to create an account on the iOS app, the researchers believe the vulnerabilities exist on the Android version of MY2022 as well.
An updated iOS version of the app that was released on Sunday didn't solve the problems. According to the researchers, the developers added a feature called “Green Health Code” that asks for more travel and medical history details, which are also vulnerable to the SSL certification issue.
Deutschland Neuesten Nachrichten, Deutschland Schlagzeilen
Similar News:Sie können auch ähnliche Nachrichten wie diese lesen, die wir aus anderen Nachrichtenquellen gesammelt haben.
The UK Government is reportedly preparing a PR blitz against end-to-end encryption | EngadgetThe UK Home Office is reportedly planning ads to mobilize public opinion against end-to-end encryption using what critics called 'scaremongering' tactics..
Weiterlesen »
AVAX, Matic and Wrapped BNB and Ethereum Have Critical Vulnerability on Multichain, 450 ETH StolenCritical vulnerability on MultichainOrg affects six tokens, including $AVAX and $MATIC. Reportedly $1.4 million worth of users' funds stolen
Weiterlesen »
Brazil is in water crisis — it needs a drought planTo avoid crop failures and soaring power costs, Brazil needs to diversify sources, monitor soil moisture, model local hydroclimate dynamics and treat water as a national security priority.
Weiterlesen »
Brazil is in water crisis — it needs a drought planTo avoid crop failures and soaring power costs, Brazil needs to diversify sources, monitor soil moisture, model local hydroclimate dynamics and treat water as a national security priority.
Weiterlesen »
Brazil is in water crisis — it needs a drought planTo avoid crop failures and soaring power costs, Brazil needs to diversify sources, monitor soil moisture, model local hydroclimate dynamics and treat water as a national security priority.
Weiterlesen »
Elon Musk claims accounts tracking his travel plans ‘becoming a security issue’Musk addressed the situation in response to a tweet from Sawyer Merritt, a self-identified Tesla investor who had apologized for sharing a post claiming Musk planned to travel to Berlin, Germany.
Weiterlesen »