Vatican’s Smart Rosary App Hacked 15 Minutes After Launch

Vatican’s Smart Rosary App Hacked 15 Minutes After Launch

Earlier this month the Vatican unveiled an eRosary wearable that tracked prayer progress and required users to make the sign of the cross to activate.

It comes with a dedicated app… which was hacked within 15 minutes of going live.

[referenced url=”https://gizmodo.com.au/2019/10/click-and-pray-erosary-vatican-wearable-smart-cross/” thumb=”https://gizmodo.com.au/wp-content/uploads/2019/10/hot-priest-410×231.jpg” title=”Oh My God, The Vatican Just Announced A ‘Smart Cross’ Wearable That Tracks Prayer Progress” excerpt=”The Vatican has just unveiled a ‘Click To Pray eRosary’ that contains its very own ‘smart cross’. It’s also being stocked by Acer because sure.”]

Fortunately, this major security flaw was discovered by French security researcher Baptiste Robert, rather than someone with more nefarious motives.

Robert told CNET that the flaw allowed someone to gain access to a user’s ‘Click And Pray’ account, as well as their personal information, due to the how the login credentials worked.

The app requires an email to sign up, but issues a PIN to use for login rather than a password.

However, the app sent this PIN request over its network. This means that if anyone was looking at the network traffic could see the PIN response that was emailed.

To make matters worse, if someone intercepted the PIN and used it to login a user’s account, the app would log out the original user from their own device.

This flaw also enabled people to request new PIN codes with ease, which Robert demonstrated to CNET.

Gaining access to someone’s Click And Pray account gave a hacker access to the user’s personal information such as birthday, gender, height and weight, as well as the logged information such as the amount of steps taken, distance traveled and times prayed.

They could also delete the account from inside the app.

Considering that the app also asks for location data and call permission – this is an alarming amount of information to be so easily accessible to someone looking to phish for user info.

Fortunately, a fix for this security flaw has since been issued.

Still, it’s an important lesson for wearable and app companies to remember. As tech and people become more connected, the need for airtight security to protect their information needs to be at the forefront of development.

[CNET]


The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.