Digital rosary discovered to be hackable, Vatican says it has fixed bugs

Vatican City, Oct 21, 2019 / 07:40 pm (CNA).- Shortly after the new “smart rosary” bracelet was released last week, the Vatican discovered an easy route for hackers to retrieve a user’s personal information. The issue has since been fixed.

Launched on Oct. 15, the device is called an eRosary and allows users to track their prayers, find spiritual resources, and connect with an online prayer community.

A few days after its release, Fidus Information Security, a cyber security consulting service, discovered the device’s weak safety measures, which could have allowed hackers to gain access to a user’s personal information such as their phone number, date of birth, gender, and height.

“One of our researchers decided to check out the code, and in just 10 minutes found some glaring issues,” Andrew Mabbitt, founder of Fidus, told The Register tech site.

According to Fidus, the most glaring concern was a glitch that would allow a hacker to access a user’s password – a four-digit PIN – without connecting to the user’s email. The application uses API calls to talk to its backend system. Upon request for a user’s email address, the system would send over a readable text of the user’s PIN through the API.

Father Frédéric Fornos, international director for the Pope’s Worldwide Prayer Network, told The Register that Vatican coders were placed on the problem immediately after he heard about the issue on Oct. 17. Since then, the issue has been corrected.

According to The Register, Fidus also found that, because there are unlimited password guesses, hackers would be able to retrieve the pin number by “brute forcing” – a means to retrieve hidden information through excessive trial and error. However, a Vatican spokesperson said this issue has also been resolved.

The eRosary was launched under the Pope’s Worldwide Prayer Network and developed by the Taiwan-based tech company GadgTek Inc.

The Bluetooth device in the bracelet connects to Click to Pray, a phone app on iOS or Android that reminds people to pray. It also includes reflections, campaigns, and an electronic bulletin board, where users may request or find prayer intentions.

The eRosary activates when the user makes a sign of the cross. It tracks the user’s progress and, in connection with the user’s phone, provides visual aids and audio reflections on the mysteries of the rosary.

The device is available on Amazon.it for 99 euros, roughly $109.

According to an Oct. 15 press release from Click to Pray, the eRosary is an opportunity to connect young people together in prayer.

“Aimed at the peripheral frontiers of the digital world where the young people dwell, the Click To Pray eRosary serves as a technology-based pedagogy to teach the young how to pray the Rosary, how to pray it for peace, how to contemplate the Gospel,” the press release said.

 


If you value the news and views Catholic World Report provides, please consider donating to support our efforts. Your contribution will help us continue to make CWR available to all readers worldwide for free, without a subscription. Thank you for your generosity!

Click here for more information on donating to CWR. Click here to sign up for our newsletter.


2 Comments

  1. Fitbit devices have also been found to be hackable. You really don’t need to be hooked up to any device like this if you value your private info. Our smartphones & laptops are already security issues. Why add more?

Leave a Reply

Your email address will not be published.

All comments posted at Catholic World Report are moderated. While vigorous debate is welcome and encouraged, please note that in the interest of maintaining a civilized and helpful level of discussion, comments containing obscene language or personal attacks—or those that are deemed by the editors to be needlessly combative or inflammatory—will not be published. Thank you.


*