Mastodawn

Well I guess it just took 2 minutes to hack the Eu id app

Gotta watch those expensive numbskulls who blindly use AI lol :)

Paul Moore - Security Consultant  (@Paul_Reviews)

Hacking the ##EU ##AgeVerification app in under 2 minutes.

During setup, the app asks you to create a PIN. After entry, the app encrypts it and saves it in the shared_prefs directory.

1. It shouldn't be encrypted at all - that's a really poor design.

It's not cryptographically tied to the vault which contains the identity data.

So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.

After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid.

Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.

Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.

gaby_wald 40m ago

"Vers une « fuite de données massive » : l’app de vérification de l’âge de l’Europe est criblée de failles"

#CyberSécurité #AgeVerification #VérificationDeLAge #InterNet #InterWeb ...

https://www.01net.com/actualites/vers-fuite-donnees-massive-app-verification-age-europe-criblee-failles.html

𝖘𝖆𝖛𝖊𝖗𝖎𝖔 1h ago

Cosa ne pensate di questo messaggio di Pa*el Du*ov (immagine)?

https://cybernews.com/security/eu-age-verification-app-hack/

#privacy #ageverification #europe #europeNews #surveillance

Dr. 🏔️❄️🗺️📊🎨⛷️🧗🏻‍♂️🛶1h ago

for all the #ageverification / "parents should raise children not the internet" people - I'm not seeing any discussion of:

- [livable] universal basic income allowing parents to choose taking time to raise children
- de-financialising housing, ensuring that people on (say, a UBI) can afford a stable, efficient, home
- flexible, short working weeks for those who choose to keep working
- community spaces and "third places"

...when you've covered those, then the rhetoric may be more impactful 🤷🏻‍♂️

hiraeth 🦥2h ago

„Within hours of its release, however, security researchers reported critical flaws that could expose biometric data and allow users to bypass verification entirely.“

Ach! 😯

Naja, letzteres wäre ja eher Feature als Bug …

#Alterverifikation #AgeVerification #EU #EuropeanUnion #Privacy

https://cyberinsider.com/eus-official-age-verification-app-found-exposing-sensitive-user-data/

EU’s official age verification app found exposing sensitive user data

The European Commission unveiled its age-verification app as a solution to protect minors online, but analysts quickly found it leaks data.

CyberInsider

Penguin Rebellion 3h ago

FYI, the title of #HR8250 hasn't been changed to "Parents Decide Act". #JoshGottheimer gave it that name, right from the start.

https://gottheimer.house.gov/posts/release-gottheimer-announces-bipartisan-parents-decide-act-to-protect-kids-online

#AgeVerification

RELEASE: Gottheimer Announces Bipartisan “Parents Decide Act” to Protect Kids Online

Above: Gottheimer announces new legislation to protect kids online. RIDGEWOOD, NJ — Today, April 2, 2026, U.S. Congressman Josh Gottheimer (NJ-5) announced the Parents Decide Act, bipartisan, commonsense legislation to strengthen online protections for children and give parents greater control over what their kids can access on phones, tablets, and other devices. Watch Gottheimer’s announcement here. Gottheimer’s […]

Josh Gottheimer

Stop OS Surveillance Mandate 5h ago

🚨URGENT UPDATE🚨

We found the full text of the national OS-level #AgeVerification bill known as the Parents Decide Act (H.R. 8250), but we consider this as the federal "SOPA/PIPA", threatening the #FirstAmendment and #FourthAmendment. #PrivacyFirst #NoAgeSignals

https://www.congress.gov/bill/119th-congress/house-bill/8250/text