Cross-Country Exposure
Analysis of the MY2022 Olympics App

MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but devastating flaw where encryption protecting users’ voice audio and file transfers can be trivially sidestepped. Health customs forms which transmit passport details, demographic information, and medical and travel history are also vulnerable. Server responses can also be spoofed, allowing an attacker to display fake instructions to users.

Featured Publications

Pegasus vs. Predator: Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware

Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.

Lifting the lid off the Internet.

The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research and development at the intersection of information and communication technologies, human rights, and global security. Learn more.

Get the latest Citizen Lab news right in your inbox.

Subscribe below.

Privacy Policy

Features & News

The 2022 Reset Scholarship in Social Media and Democracy

Background: Professor Ronald Deibert’s book “Reset: Reclaiming the Internet for Civil Society” was shortlisted for the 2020 Donner Prize, which is awarded by the Donner Canadian Foundation to recognize excellence in public policy writing and research by a Canadian. Shortlisted finalists receive a prize which Professor Deibert donated to establish the Reset Scholarship in Social… Read more »

Proyecto Torogoz: Hackeo extensivo de los medios de comunicación y la sociedad civil en El Salvador con el programa espía Pegasus

El Citizen Lab y Access Now han confirmado 35 casos de periodistas y miembros de la sociedad civil salvadoreña cuyos teléfonos fueron infectados con el programa espía Pegasus del NSO entre julio del 2020 y noviembre del 2021. Hemos compartido una muestra de nuestros datos forenses con el Laboratorio de Seguridad de Amnistía Internacional, el cual confirma de forma independiente los hallazgos.

Featured Video

Democracy Now: NSO Group Spies Secretly Seized Control of Apple Devices by Exploiting Flaw in Code

Ron Deibert joined Democracy Now to discuss how Citizen Lab research of a zero-click zero-day exploit—used by NSO Group—led Apple to issue a patch to over 1.65 billion products.