“冬奥通”安全分析
“冬奥通”是2022年北京奥运会官方规定与会者必须安装的一个手机软件。本研究指出“冬奥通”有一个简单但后果严重的安全漏洞,即其用于加密用户语音音频和文件传输的加密技术可以轻易被绕过。健康申报表等传输详细护照等个人资料,个人健康信息以及旅游史等也存在安全漏洞。服务器响应也可以被欺骗,允许攻击者向用户显示虚假指令。
“冬奥通”是2022年北京奥运会官方规定与会者必须安装的一个手机软件。本研究指出“冬奥通”有一个简单但后果严重的安全漏洞,即其用于加密用户语音音频和文件传输的加密技术可以轻易被绕过。健康申报表等传输详细护照等个人资料,个人健康信息以及旅游史等也存在安全漏洞。服务器响应也可以被欺骗,允许攻击者向用户显示虚假指令。
Within mainland China, we found that Apple censors political content including broad references to Chinese leadership and China’s political system, names of dissidents and independent news organizations, and general terms relating to religions, democracy, and human rights. And across all six regions, we found that Apple’s content moderation practices pertaining to derogatory, racist, or sexual content are inconsistently applied and that Apple’s public-facing documents failed to explain how it derives their keyword lists.
As part of the Citizen Lab’s research into the security and privacy of applications, we report on issues we discovered with three COVID-related applications in Indonesia and the Philippines – PeduliLindungi, StaySafe PH, and COVID-KAYA.
COVID-KAYA, a platform used by frontline healthcare workers in the Philippines to collect and share COVID-19 cases with the Philippines Department of Health, contained vulnerabilities in both the web and Android apps that allows for unauthorized users to access private data about the app’s users, and potentially patient data.
As a follow-up to our March 2020 report, we conducted daily tests on WeChat and collected 2,174 censored keywords between January to May 2020. This data provides a view into how narratives and messaging on the pandemic are controlled and molded on social media in China.
WeChat communications conducted entirely among non-China-registered accounts are subject to pervasive content surveillance that was previously thought to be exclusively reserved for China-registered accounts.
The analysis of YY and WeChat indicates broad censorship—blocking sensitive terms as well as general information and neutral references—potentially limiting the public’s ability to access information that may be essential to their health and safety.
本报告延续上一篇针对微信朋友圈图片过滤技术的研究,分析微信如何在聊天功能中实现实时图片过滤。微信是中国腾讯控股有限公司旗下的即时通讯应用,目前是中国最受欢迎的聊天软件之一,也是全球排名第四的最流行聊天软件。朋友圈是微信上最常用的功能之一,其中图片是用户最期望看到的内容分享形式。