Not even Francisco is saved from the errors of the programmers

Within hours of the eRosary launch, security researchers found a vulnerability in the user account access method.

Not even Francisco is saved from programming errors. Some days ago the Vatican entered the Internet of Things market with an eRosary. But it seems that the guardian angels do not yet have a computer division: security flaws were found in the operation of the device.

What is the eRosary?

The Click To Pray eRosary electronic rosary is an interactive, intelligent device with applications which serves as a tool to learn to pray the rosary for peace in the world. It can be worn as a bracelet and is activated by making the sign of the cross.

The device is synchronized with a free application of the same name, which allows access to an audio guide, exclusive images and personalized content on the prayer of the Rosary.

The device also tracks user steps, calories burned and location. For some reason, it also asks permission to make calls.

Physically, the device consists of ten consecutive beads of black agate and hematite rosary, and of an intelligent cross that stores all the technological data connected to the application.

How does it work?

When the faithful want to pray, they can use the Click to Pray application to choose a particular rosary. According to the Vatican's presentation statement:

“Physically, the device consists of ten consecutive black agate and hematite rosary beads, and a smart cross that stores all the technological data connected to the application. Once activated, the user has the possibility to choose between praying the standard rosary, a contemplative rosary and different types of thematic rosaries that will be updated every year. Once the prayer begins, the smart rosary shows the user's progress through the different mysteries and keeps track of each finished rosary.”

This rosary works together with the Click to Pray network, a social network that connects Catholic faithful from all over the world to pray. Supposedly the Holy Father has a personal profile in it, but considering that when he was Archbishop of Buenos Aires the most advanced thing he used was a cassette recorder, I allow myself to doubt that he participates very actively in person.

The Click To Pray eRosary also allows you to keep a record of daily and monthly intentions to "build a world with the flavor of the Gospel."

Why is not even Francisco saved from security problems?

Fidus Information Security, a UK company, discovered the vulnerability shortly after the device's launch. So did Baptiste Robert, a French computer security specialist.

Instead of a password, the app logs the faithful in with a PIN that it sends to their registered email address.

The problem is that the PIN could also be seen by anyone who could see the traffic on the network to which the application connects. This was caused by a programming error: in addition to sending the PIN to the user's email, the application sent it to the entire Click To Pray network.

That is, in theory, anyone could see the PIN without accessing the email account. Because requesting a PIN exits the current session, a person could be kicked out and unable to re-enter because someone is already using a requested PIN. The intruder could see any information registered in the system.

The problem has already been solved.
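
The flaw described above, next to a corrected form, as an added example that is not code from the article or from the Click To Pray application. All function names, the in-memory stores and the policy values are hypothetical, and returning the PIN in the reply body is an assumed stand-in for the exposure in network traffic that the article reports.

```python
import hashlib, hmac, json, secrets, time

PIN_DIGITS, PIN_TTL, MAX_TRIES = 6, 300, 5   # assumed policy values
pending = {}    # email -> [salt, pin_hash, expires_at, tries_left]
sessions = {}   # email -> session token
outbox = []     # (email, pin) pairs; stands in for the mail gateway

def _hash(pin, salt):
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def _issue(email):
    pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
    salt = secrets.token_bytes(16)
    pending[email] = [salt, _hash(pin, salt), time.time() + PIN_TTL, MAX_TRIES]
    outbox.append((email, pin))          # the mailbox is the only intended channel
    return pin

def request_pin_leaky(email):
    """Flawed form, as the article describes it: the PIN is visible in traffic
    and a mere request ends the account's current session."""
    sessions.pop(email, None)
    return json.dumps({"status": "sent", "pin": _issue(email)})

def request_pin(email):
    """Hardened form: the reply carries no secret and the session is untouched."""
    _issue(email)
    return json.dumps({"status": "sent"})

def verify_pin(email, pin):
    entry = pending.get(email)
    if entry is None or time.time() >= entry[2] or entry[3] <= 0:
        pending.pop(email, None)
        return False
    entry[3] -= 1                         # bound guessing of a short numeric PIN
    if not hmac.compare_digest(_hash(pin, entry[0]), entry[1]):
        return False
    del pending[email]                    # single use
    sessions[email] = secrets.token_urlsafe(32)   # session changes only now
    return True

def response_leaks_pin(handler, email="user@example.test"):
    """Regression check: is the mailed PIN present anywhere in the reply body?"""
    body = handler(email)
    return outbox[-1][1] in body
```

Run as a regression test, `response_leaks_pin` catches the flaw before release; serving the endpoint over TLS is still needed so that the rest of the exchange is not readable on the network.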

The news raises many interesting questions, some of which we will keep to ourselves because this is a blog about technology and not about religion. But can a responsible programmer seriously make a mistake like sending the PIN to the entire network and, on top of that, without encryption?

On the other hand, and I'm not talking about the Vatican anymore, I think we are getting out of hand with making "smart" and connected devices out of things that work very well being analog.


  1.   Autopilot said

    Nothing human should be alien to us, a category that programmers also fall into.

  2.   Aritz said

    Is it me or is the article not complete?

    1.    Diego German Gonzalez said

      I may not know how to write.

    2.    Joshua said

      Aritz is right, it seems that the article is not complete.

      1.    Diego German Gonzalez said

        Yes, I just saw that the final sentence did not come out complete. Thanks

    3.    Diego German Gonzalez said

      I just saw why you said it. Thanks for advising.