The Vatican's connected rosary presents a major security flaw
About a week ago, the Vatican introduced a connected tool dedicated to prayer.
It is a connected rosary called "Click to Pray eRosary". Frédéric Fornos, world director of the pope's prayer network, called the tool "the best of the Church's tradition with the best of technology." He added: "In this extraordinary missionary month, we wanted to offer an intelligent rosary to help young people pray this ancient prayer of the Church by enshrining it in their digital world and imagination."
It sells for the trifle of 99 euros, a price that many people have decried. And it did not take long to prove them right: this technological tool of the Church has a major security flaw that makes it very easy to hack.
The Catholic Church designed the connected rosary in partnership with the Taiwanese company Acer, and it has been on sale for 2 weeks now in several countries around the world. It is IP67 certified, has a 15 mAh battery and Bluetooth 5.0 connectivity, and works with an Android and iOS app called Click to Pray. "It promises up to four days of devotion on a charge, works with a processor built into its cross," explained Frédéric Fornos. The application also relies on a gyroscope.
The Vatican's goal with this tool is to attract more and more young people to prayer. The Click to Pray app, launched earlier this year, aims to structure and offer prayer and meditation sessions through audio, written, and personalized guides. The pairing with the connected rosary works through gestures: making the sign of the cross with the device automatically starts the application on the phone, and shaking it changes the prayer.
Unfortunately, this spiritual aspect is not the only one to keep in mind. The connected rosary also acts as a motion sensor, which can to some extent determine an individual's geographical position, their routes, and even the calories they expend during these gestures of prayer. All of this information can be collected, so the rosary becomes a gold mine for hackers, since it can be easily hacked.
A French cybersecurity expert named Baptiste Robert discovered the flaw. According to him, it took just 14 minutes to access the interface of the connected religious object. He explains that knowing a person's email address is enough to access their eRosary account. "The code used to validate a connection was present in the response sent to the app. However, it could be intercepted. All that was left to do was to use this code and email address to identify themselves on the application."
Fortunately, the Vatican, alerted by the French expert, was responsive and was able to quickly correct this security flaw.
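The design error described above, reduced to a server-side sketch with the flawed handler beside a corrected one. This is an added example, not code from the Click to Pray app or from Baptiste Robert; the handler names, response fields, four-digit code length and attempt limit are assumptions, and the mail gateway is an in-memory stand-in.

```python
import hmac
import secrets

# Constructed in-memory stand-ins for the mail gateway and the code store.
OUTBOX = []        # (email, pin) pairs delivered out of band
PENDING = {}       # email -> [pin, attempts_left]
MAX_ATTEMPTS = 5   # assumed limit, not taken from the article

def _issue_pin(email):
    pin = f"{secrets.randbelow(10**4):04d}"   # assumed 4-digit code
    PENDING[email] = [pin, MAX_ATTEMPTS]
    OUTBOX.append((email, pin))               # reaches the mailbox owner only
    return pin

def request_login_vulnerable(email):
    """Flawed design: the secret is returned to whoever sent the request."""
    pin = _issue_pin(email)
    return {"status": "sent", "email": email, "pin": pin}

def request_login_hardened(email):
    """Corrected design: the response carries no secret at all."""
    _issue_pin(email)
    return {"status": "sent"}

def verify_login(email, submitted):
    """Constant-time comparison, single-use code, bounded attempts."""
    entry = PENDING.get(email)
    if entry is None:
        return False
    pin, attempts_left = entry
    if hmac.compare_digest(pin, submitted):
        del PENDING[email]                    # a code is valid once
        return True
    if attempts_left <= 1:
        del PENDING[email]                    # force a fresh request
    else:
        entry[1] = attempts_left - 1
    return False

def leaks_secret(response, email):
    """Regression check: does any response field echo the pending code?"""
    pin = PENDING[email][0]
    return any(pin == str(value) for value in response.values())
```

A check like `leaks_secret` belongs in the API's test suite, so that a verification code reappearing in a response body fails the build.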
Should we nonetheless be concerned overall? Does this young tool, barely two weeks old, already show the flaws so often found in connected objects? What exactly is the Church doing to secure the few thousand users already connected?
So far, no victims of this flaw have been reported. For their part, regulators have not yet taken a position on the impact of this tool on their populations.