IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

FBI urges Olympic athletes to leave personal devices at home due to cyber risk

The organisation has warned that threat actors could use a broad range of cyber activities, including DDoS or ransomware attacks, to disrupt the event

The FBI has urged all athletes to keep their personal smartphones at home and instead use a temporary phone while at the Olympic Games.

The organisation published a notice in which it warns entities associated with the February 2022 Beijing Winter Olympics and March 2022 Paralympics that cyber actors could use a broad range of cyber activities, including DDoS or ransomware attacks, to disrupt the events.

Additionally, the FBI warned Olympic participants and travellers of potential threats associated with mobile applications developed by untrusted vendors.

“The download and use of applications, including those required to participate or stay in the country, could increase the opportunity for cyber actors to steal personal information or install tracking tools, malicious code, or malware,” said the FBI.

The organisation recommends all athletes to use a temporary phone, highlighting that the National Olympic Committees in some Western countries are also advising athletes to leave personal devices at home due to cyber security concerns at the Games. 

However, it added that it isn’t aware of any specific cyber threat against the Olympics, but encourages partners to remain vigilant and maintain best practices in their network and digital environments.

It pointed to the 2020 Tokyo Olympics and Paralympics, where there were over 450 million attempted cyber-related incidents during the event, although none were successful due to the cyber security measures in place, according to the NTT Corporation which was in charge of IT security. The most popular attack methods used were malware, email spoofing, phishing, and the use of fake websites and streaming services designed to look like official Olympic service providers.

The FBI added that the use of new digital infrastructure and mobile applications, like digital wallets or applications that track COVID testing or vaccination status, could also increase the opportunity for cyber actors to inflict damage. This could allow them to steal personal information or install tracking tools, malicious code, or malware. The FBI underlined that athletes will be required to use the MY2022 smartphone app to track their health and travel data.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

The MY2022 app was analysed by Citizen Lab researchers who said they had found it contained a “devastating” encryption flaw, which it said allowed users’ audio and file transfer encryption to be sidestepped. The researchers also said it fails to validate SSL certificates and can be deceived into connecting to a malicious host.

There also appears to have been some misinformation surrounding the privacy of the Chinese app, with one researcher, Jonathan Scott, claiming that athletes’ audio is being collected, analysed, and saved on servers belonging to a Chinese AI firm with human rights concerns called iFlytek. This claim has been shared by US senators and a prominent podcaster on Twitter.

However, members of the infosec community have said the researcher’s claim is unsubstantiated by any of the evidence provided, even though it has already been shared widely.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Samsung fined $14 million over misleading water resistance claims across its Galaxy smartphones
Mobile Phones

Samsung fined $14 million over misleading water resistance claims across its Galaxy smartphones

23 Jun 2022
Toshiba eyes $22bn buyout offer in bid to go private
Business strategy

Toshiba eyes $22bn buyout offer in bid to go private

23 Jun 2022
Tencent to open third data centre in Japan
data centres

Tencent to open third data centre in Japan

22 Jun 2022
Can the four-day week take off in Japan?
flexible working

Can the four-day week take off in Japan?

16 Jun 2022

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Swift exit: How the world cut off Russian banks
finance

Swift exit: How the world cut off Russian banks

24 Jun 2022