The IOC has been criticised for using the "My2022" smartphone app "with such glaring security vulnerabilities" ©Beijing 2022

The International Olympic Committee (IOC) has been branded "irresponsible" for requiring participants to use an application devised to monitor the health of attendees at the 2022 Winter Olympics in Beijing "with such glaring security vulnerabilities".

Athleten Deutschland has hit out at the IOC after a report by a watchdog group raised serious cybersecurity concerns with the "My2022" smartphone app.

Research carried out by the Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto in Canada, found that My2022 has a "simple but devastating flaw" that would put users’ sensitive information at risk of being hacked.

Athletes, officials and other attendees of the Games are asked to start using the app 14 days before flying to the Chinese capital as part of Beijing 2022’s COVID-19 countermeasures.

Once downloaded on their smartphones, users are required to submit health and travel information including COVID-19 test results and vaccination certificate.

The multi-functional app also allows attendees to transfer files, find out the latest news and weather from Beijing and offers video and audio chat tools.

However, Citizen Lab examined the app and found that a "simple but devastating flaw" allows the encryption protecting users’ voice audio and file transfers to be "trivially sidestepped".

The report raises concerns that the sensitive data could be read by any "passive eavesdropper" and claims server responses can be "spoofed" to allow a hacker to provide fake instructions to users.

Jeffrey Knockel, author of the Citizen Lab report, claimed the "worst-case scenario is that someone is intercepting all the traffic and recording all the passport details, all the medical details".

The IOC insisted there are "no critical vulnerabilities" with the app, saying it had conducted "independent third-party assessments".

Citizen Lab examined the My2022 app and found a "simple but devastating flaw" amid concerns that the Chinese Government will use it as a surveillance tool ©Getty Images

But Athleten Deutschland has criticised the IOC amid fears over surveillance by Chinese authorities.

"For a long time, there have been concerns that athletes and others could be spied on and subjected to surveillance," the statement from Athleten Deutschland read.

"The revelations about the glaring IT security vulnerabilities of the My2022 app confirm our long-held fears.

"China has perfected its surveillance apparatus, has critics disappear, and commits blatant human rights violations.

"We should not be naïve and lightly dismiss scenarios that are unimaginable to us.

"Instead, the organisers and the IOC should be prepared for all conceivable scenarios - be it possible manipulation of Corona tests, surveillance and espionage, or reprisals against vocal athletes."

Athleten Deutschland urged athletes to "protect themselves" by not taking personal devices, including mobile phones and laptops, to Beijing.

"It is inexplicable and irresponsible of the IOC to require participants to use an app with such glaring security vulnerabilities," the statement added.

Knockel said the report also found a censorship keyword list where users could report "politically sensitive" content.

The build-up to the Winter Olympics in Beijing has been dominated by human rights concerns in China ©Getty Images

A list of 2,442 keywords was discovered, including words in the Uygur and Tibetan languages, while others related to topics like Xinjiang and Tiananmen Square.

The Citizen Lab found that the list was currently inactive but built into the app.

"We don't know whether they intended for it to be inactive or whether they intended for it to be active, but either way, it's something that … can be enabled at the flick of a switch," said Knockel.

The IOC revealed that it had requested to see Citizen Lab's report to "understand their concerns better" but defended the app, insisting "special measures needed to be put in place to protect the participants" at Beijing 2022.

"The My2022 application is an important tool in the tool box of the COVID-19 countermeasures," a statement from the IOC read.

"The My2022 app supports the function for health monitoring.

"It is designed to keep Games-related personnel safe within the closed loop environment."

Beijing is scheduled to play host to the Winter Olympics in less more than two weeks' time ©Getty Images

The IOC insisted the user is in control over what the My2022 app can access on their device and stressed that it had received the approval of the Google Play store and the App Store.

It also added that it was "not compulsory" to install the app onto mobile phones as the health monitoring system can be accessed on the web page instead.

"The IOC has conducted independent third-party assessments on the application from two cyber-security testing organizations," a statement from the IOC read.

"These reports confirmed that there are no critical vulnerabilities."

The publication of Citizen Lab’s report comes amid espionage concerns from National Olympic Committees (NOCs).

NOCs in the United States, Germany, Britain, Canada and The Netherlands have also advised athletes not to take personal devices, including phones and laptops, prior to leaving for the Winter Olympics.

China allegedly operates a mass surveillance programme, where its citizens are constantly monitored by the Government.

The Chinese Government has long been accused of carrying out covert monitoring of non-Chinese residents when they enter the country.