Grandparents killed in wrong-way crash on Hwy. 401 identified
A 60-year-old man and a 55-year-old woman killed in a wrong-way crash on Highway 401 earlier this week have been identified by the Consulate General of India in Toronto.
Researchers at a Toronto-based tech laboratory have uncovered security vulnerabilities and censorship frameworks in an app all 2022 Beijing Olympics attendees must use.
The Citizen Lab, a research institute at the University of Toronto's Munk School of Global Affairs and Public Policy that studies spyware, found a "simple but devastating" flaw in the MY2022 app that makes audio files, health and customs forms transmitting passport details, and medical and travel history vulnerable to hackers.
Researcher Jeffrey Knockel found 'MY2022' does not validate some SSL certificates, digital infrastructure that uses encryption to secure apps and ensures no unauthorized people can access information as it is transmitted.
This failure to validate means the app can be deceived into connecting with malicious hosts it mistakes as being trusted, allowing information the app transmits to servers to be intercepted and attackers to display fake instructions to users.
"The worst case scenario is that someone is intercepting all the traffic and recording all the passport details, all the medical details," said Knockel, a research associate, who investigated the app after a journalist curious about its security functions approached him.
Olympic organizers have required all games attendees, including athletes, spectators and media members, to download and start using the MY2022 app for submitting health and customs information like COVID-19 test results and vaccination status at least 14 days ahead of their arrival in China.
The app from a state-owned company called Beijing Financial Holdings Group also offers GPS navigation and text, video and audio chat functions and the ability to transfer files and provide news and weather updates.
Knockel found it's unclear with whom the app shares highly-sensitive medical information.
The Olympic playbook outlines that personal data such as biographical information and health-related data may be processed by Beijing 2022, International Olympic and Paralympic committees, Chinese authorities and "others involved in the implementation of the (COVID-19) countermeasures."
Knockel say MY2022 outlines several scenarios where it will disclose personal information without user consent, which include but are not limited to national security matters, public health incidents, and criminal investigations.
However, the app does not specify whether court orders will be required to gain access to this information and who will be eligible to receive data.
The final concern Knockel uncovered was that the app allows users to report "politically sensitive" content and found it has a censorship keyword list.
The list includes 2,442 political terms, including some linked to tensions in Xinjiang and Tibet, as well as references to Chinese government agencies. On the list are Chinese phrases translating to "Jews are pigs" and "Chinese are all dogs," Uyghur terms for "the Holy Quran" and Tibetan words referring to the Dalai Lama.
Knockel couldn't find evidence that the list was being used by the app.
"We don't know whether they intended for it to be inactive or whether they intended for it to be active, but either way, it's something that....can be enabled at the flick of a switch," said Knockel.
The Citizen Lab disclosed the concerns it found with MY2022 to organizing committees on Dec. 3, giving them 15 days to respond and 45 days to fix the issues, before it publicly disclosed the problems.
A new version of MY2022 for iOS users was released on Jan. 6, but Citizen Lab said no issues were resolved with the update. In fact, Citizen Lab said the update introduced a new "Green Health Code" feature that collects more medical data and is vulnerable to attacks because of its lack of SSL certificate validation.
The Beijing Organizing Committee said in a statement that the report failed to provide necessary evidence to support its conclusions and claimed the app is not compulsory to download on cellphones.
It said the Google Play store and Apple's App Store had both approved MY2022 for use. Neither Google nor Apple responded to a request for comment.
The International Olympic Committee said in a statement that it has requested a copy of the Citizen Lab's report to better understand its concerns.
The IOC noted it has conducted independent third-party assessments on MY2022 with two cyber-security testing organizations and found there are no critical vulnerabilities in the app.
Meanwhile, the Canadian Olympic Committee did not address the report specifically, but said it has reminded all members of Team Canada that the Games present a unique opportunity for cybercrime and they should be extra diligent about these risks.
It said in a statement that it has recommended Team Canada members leave personal devices at home, limit personal information stored on electronics brought to the Games, only connect to official Wi-Fi, turn off transmitting functions when not in use and remove any Games related apps when they're no longer necessary.
Knockel recommends anyone headed to the Olympics only use the app when connected to networks they trust, like a virtual private network (VPN).
Olympic participants should also consider taking conversations and other actions that are not mandatory to complete in MY2022 to other apps with better security, he said.
"But it's tricky," he said. "Even if they are aware of the security vulnerabilities in the app, they might not have a choice."
This report by The Canadian Press was first published Jan. 18, 2022.
A 60-year-old man and a 55-year-old woman killed in a wrong-way crash on Highway 401 earlier this week have been identified by the Consulate General of India in Toronto.
Three people have been arrested and charged in the killing of B.C. Sikh activist Hardeep Singh Nijjar – as authorities continue investigating potential connections to the Indian government.
Pius Suter scored with 1:39 left and the Vancouver Canucks advanced to the second round of the NHL playoffs with a 1-0 victory over the Nashville Predators on Friday night in Game 6.
TD Bank Group could be hit with more severe penalties than previously expected, says a banking analyst after a report that the investigation it faces in the U.S. is tied to laundering illicit fentanyl profits.
A Quebec man who pleaded guilty to threatening Prime Minister Justin Trudeau and Premier François Legault has been sentenced to 20 months in jail.
RCMP say human remains found in a rural area in central Saskatchewan may have been there for a decade or more.
A source close to singer Britney Spears tells CNN that the pop star is 'home and safe' after she had a 'major fight' with her boyfriend on Wednesday night at the Chateau Marmont in West Hollywood.
As Wegovy becomes available to Canadians starting Monday, a medical expert is cautioning patients wanting to use the drug to lose weight that no medication is a ''magic bullet,' and the new medication is meant particularly for people who meet certain criteria related to obesity and weight.
Drew Carey took over as host of 'The Price Is Right' and hopes he’s there for life. 'I'm not going anywhere,' he told 'Entertainment Tonight' of the job he took over from longtime host Bob Barker in 2007.
Alberta Ballet's double-bill production of 'Der Wolf' and 'The Rite of Spring' marks not only its final show of the season, but the last production for twin sisters Alexandra and Jennifer Gibson.
A British Columbia mayor has been censured by city council – stripping him of his travel and lobbying budgets and removing him from city committees – for allegedly distributing a book that questions the history of Indigenous residential schools in Canada.
Three men in Quebec from the same family have fathered more than 600 children.
A group of SaskPower workers recently received special recognition at the legislature – for their efforts in repairing one of Saskatchewan's largest power plants after it was knocked offline for months following a serious flood last summer.
A police officer on Montreal's South Shore anonymously donated a kidney that wound up drastically changing the life of a schoolteacher living on dialysis.
Since 1932, Montreal's Henri Henri has been filled to the brim with every possible kind of hat, from newsboy caps to feathered fedoras.
Police in Oak Bay, B.C., had to close a stretch of road Sunday to help an elephant seal named Emerson get safely back into the water.
Out of more than 9,000 entries from over 2,000 breweries in 50 countries, a handful of B.C. brews landed on the podium at the World Beer Cup this week.
Raneem, 10, lives with a neurological condition and liver disease and needs Cholbam, a medication, for a longer and healthier life.