Security News

The mobile app that all attendees and athletes of the upcoming Beijing Winter Olympics must use to manage communications and documentation at the event has a "Devastating" flaw in the way it encrypts data that can allow for man-in-the-middle attacks that access sensitive user information, researchers have found. MY2022 is an app mandated for use by all attendees - including members of the press and athletes - of the 2022 Olympic Games in Beijing.

The official app for Beijing 2022 Winter Olympics, 'My 2022,' was found to be insecure when it comes to protecting the sensitive data of its users. Finally, the app violates China's own laws regarding privacy protection.

The US Dept of Commerce's Bureau of Industry and Security has added 27 companies to its list of entities prohibited from doing business with the USA on grounds they threaten national security - and one of the firms is associated with HPE's Chinese joint venture H3C. A preliminary announcement [PDF] of the bans lists a company named New H3C Semiconductor Technologies Co., Ltd on the grounds of its "Support of the military modernization of the People's Liberation Army.". The addresses given by Uncle Sam for this semiconductor business matches those listed on the website of H3C, the Chinese company formed as a joint venture between HPE and Tsinghua Unigroup to build networking products.

China's Ministry of State Security released details this week of three alleged security breaches that saw sensitive data illegally transferred abroad. State-sponsored Xinhua News Agency described the breaches as "Endangering the security of important data" and said by disclosing them, the Ministry sought to build awareness of non-traditional security and, by doing so, better maintain national security. The announcement, which deliberately coincides with the seventh anniversary of the country's anti-espionage law, described airline data stolen by an overseas intelligence agency, shipping data collected by a consulting firm that provided it to a foreign spy agency, and the construction of weather devices to transfer sensitive meteorological data abroad. It is unclear whether one or more foreign intelligence agencies conducted the alleged attacks, or if the actions were linked.

China's Ministry of Industry and Information Technology has responded with mild indignation to the USA's decision to revoke the operating licence that allowed China Telcom to operate in the land of the free. In a Wednesday statement, the Ministry accused the USA of using national security as a pretext for banning Chinese companies, complained that evidence of China Telecom's alleged misdeeds has not been furnished, and that the ban breaches international trade rules.

China's Central Cyberspace Affairs Commission has named 84 apps it says breach local privacy laws and given their developers 15 days to "Rectify" their code. The Commission has posted two lists of apps it says need fixing, fast.

The highest-ranked officer in India's armed forces has admitted that China has cyber-war capabilities that can overwhelm his nation's defenses and suggested that only cross-forces collaboration will get India to parity with its giant neighbor. General Bipin Rawat, a four-star general and since 2020 the first to hold a new role of chief of defense staff, offered that assessment yesterday in a talk hosted by Indian think tank the Vivekananda International Foundation.

Chinese state security agencies will also operate in Hong Kong for the first time, and the local police force will be able to intercept communications and spy on suspects, with the approval of Hong Kong's chief executive. The legislation will apply not just within inside Hong Kong but overseas too, meaning foreign nationals who speak against Beijing could be prosecuted upon entering Hong Kong or mainland China.

CCTV equipment maker Xiongmai effectively built a poorly hidden, insecure backdoor into potentially millions of surveillance devices, it is claimed. A hardware probester going by the name of Vladislav Yarmak alleged this week that China-based Xiongmai - best known for its wide-open security cameras - left a remote debugging and management tool in its firmware, which is used in network-connected surveillance video recorders.

Developers warned not to overindulge in personal data China's Internet Society chapter has warned local internet app-makers to tone down their collection of personal information.…