The FBI urged all U.S. athletes competing in the Olympic Games in Beijing to leave their phones behind, warning of cybersecurity threats from technology linked to Chinese Communist Party repression.
The bureau warned Monday night of “potential threats associated with mobile applications developed by untrusted vendors” and said those going to Olympics this month and the Paralympics in March should leave their personal devices home and consider burner phones instead.
“The download and use of applications, including those required to participate or stay in country, could increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware,” the bureau’s alert said. “The FBI urges all athletes to keep their personal cell phones at home and use a temporary phone while at the Games.”
Similar warnings have been issued in other Western countries.
WRAY SAYS THREAT POSED BY CHINA IS ‘MORE DAMAGING THAN EVER BEFORE’
The 2022 Games have been dubbed the “Genocide Olympics” by critics who believe the competition should not be held in a country responsible for a host of human rights abuses. The United States concluded that the CCP is conducting a genocide against Uyghur Muslims and other minorities in Xinjiang in Western China.
The Chinese companies that attendees at the Olympics will likely need to rely upon for basic telecommunications, translation, and internet services are linked to China’s military, Uyghur repression, or China’s broader surveillance apparatus. And the daily health app that Olympians must use has been accused of significant security flaws.
“The use of new digital infrastructure and mobile applications, such as digital wallets or applications that track COVID testing or vaccination status, could also increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware,” the FBI warned. “Athletes will be required to use the smartphone app, My2022, which will be used to track the athletes’ health and travel data.”
Everyone attending the Olympics in Beijing is required to submit his or her health status through My2022 each day. The app is owned by the state-owned Beijing Financial Holdings Group, which says it is run by a board of directors and a CCP committee. The company chairman is Fan Wenzhong, who is also the secretary of the company’s CCP committee.
Citizen Lab, a Toronto-based cyber research group, released a report this month concluding that the My2022 app “has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped” and that “health customs forms, which transmit passport details, demographic information, and medical and travel history, are also vulnerable.”
The research lab said My2022 also includes features allowing users to report “politically sensitive” content, with “a censorship keyword list, which, while presently inactive, targets a variety of political topics including domestic issues such as Xinjiang and Tibet.” Citizen Lab said the app may violate Google and Apple rules or even Chinese laws.
Citizen Lab said My2022 collects users’ demographic information and passport information, as well as the organization to which they belong.
The International Olympic Committee defended the app, saying two outside groups had assessed My2022 and found no security flaws with it, calling the app “an important tool in the toolbox of the COVID-19 countermeasures.”
The IOC itself has partnerships with companies that have been linked to the Chinese government, implicated in using forced Uyghur labor in Xinjiang, and have faced U.S. scrutiny as national security threats.
The U.S. Olympic Committee previously told athletes that “there should be no expectation of data security or privacy while operating in China.”
There are several other Chinese tech companies that could be causes for concern at the Olympics.
- The translation services provider for the Beijing Olympics, known as iFlytek, is a voice recognition firm with a long history of assisting China’s Ministry of State Security and local Chinese police in Xinjiang and elsewhere. It has been blacklisted by the U.S. for helping the CCP spy on Uyghur Muslims.
- The Federal Communications Commission banned China Unicom from the U.S. market last week, labeling the Chinese military-linked company a national security threat as it is set to be the telecommunications provider at the Olympics.
- The IOC chose Alibaba as its exclusive provider of cloud services at the Olympics, even though the Chinese tech giant is regarded by the U.S. as a possible national security threat.
The bureau also warned that ransomware and distributed denial-of-service attacks aimed at disrupting broadcasts were possible. Other cyber targets could include hotels, mass transit providers, ticketing services, and event security infrastructure, the FBI said.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
The recommendations from the bureau came at the same time as FBI Director Christopher Wray gave a speech in which he warned about the growing China threat.
