Vatican City, 22 October, 2019 / 1:40 am (ACI Africa).
Shortly after the new “smart rosary” bracelet was released last week, the Vatican discovered an easy route for hackers to retrieve a user’s personal information. The issue has since been fixed.
Launched on Oct. 15, the device is called an eRosary and allows users to track their prayers, find spiritual resources, and connect with an online prayer community.
A few days after its release, Fidus Information Security, a cyber security consulting service, discovered the device’s weak safety measures, which could have allowed hackers to gain access to a user’s personal information such as their phone number, date of birth, gender, and height.
“One of our researchers decided to check out the code, and in just 10 minutes found some glaring issues,” Andrew Mabbitt, founder of Fidus, told The Register tech site.
According to Fidus, the most glaring concern was a glitch that would allow a hacker to obtain a user’s password, a four-digit PIN, without having access to the user’s email. The application uses API calls to talk to its backend system. Upon a request for a user’s email address, the system would send back the user’s PIN as readable text through the API.
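The flaw pattern described above, sketched beside one way to avoid it. This is an added example, not code from the eRosary app or from Fidus; every function name, the in-memory stores and the sample address are hypothetical, and the hardened handler is an assumption about a reasonable fix, not the fix that was actually shipped.

```python
import hashlib, hmac, json, secrets

OUTBOX = []   # stands in for the mail server: (recipient, pin) pairs
PLAIN = {}    # flawed store: email -> PIN kept in readable form
HASHED = {}   # hardened store: email -> (salt, PBKDF2 digest)

def _new_pin():
    return f"{secrets.randbelow(10_000):04d}"   # four-digit PIN, as on the page

def _digest(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def request_pin_flawed(email):
    """Flaw pattern: the PIN is mailed AND echoed back in the API response."""
    pin = _new_pin()
    PLAIN[email] = pin
    OUTBOX.append((email, pin))
    return {"status": "ok", "email": email, "pin": pin}

def request_pin_hardened(email, known_accounts):
    """The PIN leaves the server only by mail; the response is the same for any address."""
    if email in known_accounts:
        pin, salt = _new_pin(), secrets.token_bytes(16)
        HASHED[email] = (salt, _digest(pin, salt))
        OUTBOX.append((email, pin))
    return {"status": "sent_if_registered"}

def verify_pin(email, pin):
    # Unknown addresses fall through to a dummy salt and an empty digest,
    # so the comparison fails without raising.
    salt, stored = HASHED.get(email, (b"\x00" * 16, b""))
    return hmac.compare_digest(_digest(pin, salt), stored)

def response_leaks(response, secret):
    """Regression check: does the serialized response body contain the secret?"""
    return secret in json.dumps(response)
```

A check like `response_leaks` belongs in the API's test suite, so that a secret reappearing in a response body fails the build.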