⚡🇪🇺 NEW - Security researcher Paul Moore has demonstrated how the EU age verification app can be compromised in under 2 minutes with nothing more than physical access to a device.
By editing the app’s shared preferences file an attacker can remove the encrypted PIN values, reset the rate limiting counter to zero, and disable biometric requirements entirely.
The app then accepts a new PIN and grants access to the existing age verification credentials.
His earlier analysis of the open source code also revealed that the app stores NFC biometric facial data and user selfies as unencrypted lossless PNG files on the device.
Deletion is incomplete, leaving the images at risk even after processing.
Europe is so cooked
By editing the app’s shared preferences file an attacker can remove the encrypted PIN values, reset the rate limiting counter to zero, and disable biometric requirements entirely.
The app then accepts a new PIN and grants access to the existing age verification credentials.
His earlier analysis of the open source code also revealed that the app stores NFC biometric facial data and user selfies as unencrypted lossless PNG files on the device.
Deletion is incomplete, leaving the images at risk even after processing.
Europe is so cooked
914❤️19🤙4❤️1👀1👍1🤣1
