Welcome to the Burner Phone Olympics

Advertisement

The FBI further advises anyone headed to China to regularly update VPNs, network equipment, and devices and recommends auditing logs for new users of services and admin accounts within systems. The security precautions do not extend beyond what diplomats and members of NGOs that travel to China might expect, but these measures have drawn increased attention as Beijing hosts the games and the influx of foreigners associated with them. “What is totally normal in China, for reporters who have to work in a hazardous operating environment, is not normal for the Olympics,” says Minky Worden, the director of global initiatives at Human Rights Watch, who used to live and work in Hong Kong.

Advertisement

During the Olympic fortnight, athletes and others working at the events—no foreign spectators are attending—must stay within a strict bubble as part of China’s strict Covid-19 measures. The bubble, known as the “closed loop,” comprises media centers, hotels, athlete villages, and the venues of the events themselves. Everyone within the loop must stay there for the duration of the games.

One specific security concern is the official Olympics app, MY2022. All of those within the loop are required to use the app to monitor their travel data and health information—including daily Covid-19 test results and vaccination status. Research from the University of Toronto’s Citizen Lab found that the app isn’t transparent about where it sends sensitive personal data; has an encryption flaw; and includes a sensitive keyword list that is designed to block condemnations relating to Xinjiang, Tibet, and Chinese agencies. The censorship list—bundled as the file “illegalwords.txt” on Android—didn’t appear to be active when it was found, Citizen Lab’s research says. “What they’re really looking for is any criticism against the Chinese government,” says Kathy Stearman, a former FBI agent who says she was surveilled while living in China. “The Chinese government knows that the rest of the world is looking at them because of the Uyghur situation.”

Advertisement

The FBI’s cybersecurity advisory doesn’t specifically name the MY2022 app as a threat but warns of the increased risk that sort of system presents. “The download and use of applications, including those required to participate or stay in country, could increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware,” it says. A spokesperson for the International Olympic Committee (IOC), which organizes the games, says it is up to each country to provide security advice to their athletes.

Advertisement