Home / Technology / Vatican launches smart rosary, someone already found a security flaw

Vatican launches smart rosary, someone already found a security flaw




Last week, the Vatican announced it was "eRosary." Naturally, it did not take long for anyone to find a major security flaw.

The Click to Pray eRosary is a smart device that functions as a sort of Fitbit for prayer – and so just as a plain ol 'Fitbit, kind of.

When you wish to pray, you can use the Click to Pray app to pick a particular rosary. According to the Vatican's press release, " The Rosary shows the user's progress throughout the different mysteries and keeps track of each completed rosary." of people around the globe to pray every day. The Click To Pray eRosary is thus intended to accompany him in his Daily and Monthly Intentions in Order to Build a World with the Taste of the Gospel. "

That sounds harmless enough, but at least one security researcher discovered a security flaw in the app over the weekend. Fidus Information Security, a UK firm, has discovered the vulnerability within minutes of the app launch. Security researcher Elliot Alderson presents it to CNET.

Trouble is, the PIN code can be seen by anyone who could see the app traffic, as it would be contained in the API's response. So you could, in theory, see the PIN without needing access to the email account. Requesting a PIN, so it seems like you've been out of your session in the app. The person who accessed your account would be able to see any information there, including your prayers, your steps, etc.

According to CNET, the issue has now been fixed. Alderson has just been to the Vatican about the issue, but eventually someone listened. The Register reports both Alderson and Fidus reported the vulnerability at about the same time.

I'm sure there's some sort of irony in an item that's supposed to help the faithful feel more comfortable and secure turning out to be the child of insecure itself. Still, it's not that unusual for a wearable, and it's been good to know the situation.

Read next:

JBL 100 Classic Review: An iconic 70's speaker revived as a modern standout


Source link