The EU's age verification app can be hacked in 2 minutes. (Found by Paul Moore)
The EU's age verification app can be hacked in 2 minutes. (Found by Paul Moore)
The EU's age verification app can be hacked in 2 minutes. (Found by Paul Moore)
Demo :https://youtu.be/1hfDOhrNx1I
In short :- The pin you set to lock the app is encrypted, not hashed, which means with the private key of the app it could be reversed (there's no need to get that as you'll see in the next points- Once you verify your age, the pictures and data identifying you is not deleted. Although on regular phones you and other apps can't access it as they are protected at the Android level, this is still a breach of GDPR- The app's data is stored in a shared preferences file, which is pretty much just plain text. If you delete the key for your PIN, the app will let you create a new one, and still access the data of the old account.- Nevertheless, the EU still brands it as a privacy friendly option on their site at https://t.ly/labwF
In short, don't verify your age online! This is really bad for privacy!@privacy
#privacy #europe #opensource #cybersecurity #ageverification