Security Experts:

Connect with us

Hi, what are you looking for?


Mobile & Wireless

U.S. Olympians Told to Use ‘Burner Phones’ in China

U.S. Olympians Told to Use 'Burner Phones' in China

U.S. Olympians Told to Use 'Burner Phones' in China

Olympic athletes heading to China for the upcoming Winter Games should use burner phones and rental computers, and understand clearly that there’s “no expectation of data security or privacy” while moving around in China.

That’s the blunt warning from the U.S. Olympic and Paralympic Committee ahead of next month’s games in Beijing where there’s an elevated risk of malware infections and data compromise.

The guidance is an important reminder to businesses that international travel, even though curtailed by the pandemic, presents a clear and present danger to sensitive company data and intellectual property.

“No guarantees of data privacy or security should be made regardless of the security technology utilized. Assume that every device and every communication, transaction, and online activity will be monitored. Devices may also be compromised with malicious software designed to compromise the device and its future use,” the committee said in a notice seen by SecurityWeek.

It recommended that a “sterile device” be used when entering China and, upon exit, “ the cleansing and destruction of the information on the device ensures the highest degree of security.”

[ Virtual Event: Ransomware Resilience & Recovery Summit – Jan. 26 ]

The committee specifically pushed the U.S. delegation to use burner phones and carefully wipe and destroy devices after use in China. 

Beijing Olympics 2022“The applications and data on the mobile devices brought into China should be cleansed and devices brought out of the country should be wiped and destroyed due to the risk of further network and data infection by malicious programs. The usage of rental cellphones is preferred.”

“Personal mobile devices (cellphones and tablets) are discouraged from being brought into China,” it added.

The group also recommended the use of “rental computers” and warned that “the greatest threat to security is both the data that is brought into China as well as the potential malicious programs that are brought out.” 

Upon entry into China, business travelers and athletes should understand that Chinese authorities have the authority to inspect or seize any device for security reasons during customs processing. Although these incidents are rare, olympians should assume that every text, email, online visit, and application access can be monitored or compromised.

“There should be no expectation of data security or privacy while operating in China,” the group warned, noting that the use of firewalls, anti-malware and encryption technologies are encouraged but aren’t guaranteed to provide real protection. 

[ READ: Five Key Signals From Russia’s REvil Ransomware Bust ]

“Despite any and all safeguards that are put in place to protect the systems and data that are brought to China, it should be assumed that all data and communications in China can be monitored, compromised or blocked.”

At a minimum, it said Windows and macOS-powered machines landing in China should be cleansed of personal and business data and hardened via appropriate security software and protocols at the BIOS, authentication, and application level.

The Olympic Committee‘s guidance comes just days after the discovery of a “simple but devastating flaw” in the encryption of the MY2022 app used to monitor COVID infections. The app is mandatory for athletes, journalists and other attendees of the games in Beijing and security experts warn that the flaw exposes health information, voice messages and other data to leakage.

The International Olympic Committee responded to the report by saying users can disable the app’s access to parts of their phones and that assessments from two unnamed cyber security organizations “confirmed that there are no critical vulnerabilities.”

Citizen Lab said it notified the Chinese organizing committee for the Games of the issues in early December and gave them 15 days to respond and 45 days to fix the problem, but received no reply.

Related: Mandatory Chinese Olympics App Has ‘Devastating’ Encryption Flaw 

Related: South Korea Probes Cyber Shutdown During Olympics Ceremony

Related: Sophisticated False Flags Planted in Olympic Destroyer Malware

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.