It Takes 2 Minutes to Hack the EU’s New Age-Verification App
Security experts exposed critical flaws in the EU's official app, including unsafe PIN storage, within minutes of release.
The European Commission launched a free, open-source age-verification app this week, intended to help social networks and pornography websites comply with new digital regulations. Commission President Ursula von der Leyen stated the app left platforms with 'no more excuses' for failing to check users' ages. However, the rollout was immediately marred by severe security flaws. Security consultant Paul Moore publicly demonstrated on X that he could hack the app in less than two minutes, identifying a critical vulnerability in how it stores user-created PINs, which could allow an attacker to easily take over a profile. Whitehat hacker Baptiste Robert independently confirmed the security issue to Politico.
Moore warned that the app, in its current state, is a security disaster and 'will be the catalyst for an enormous breach at some point.' This failure casts serious doubt on the technical robustness of the EU's approach to enforcing its Digital Services Act (DSA) and age-assurance mandates. The incident highlights the significant challenges of building secure digital identity tools at scale and could force a delay or redesign of the bloc's strategy, impacting major platforms required to implement age verification.
- Security consultant Paul Moore hacked the EU's official age-verification app in under 2 minutes, exposing a critical flaw.
- The vulnerability involves unsafe storage of user-created PINs, which could allow account takeover; whitehat hacker Baptiste Robert confirmed the issue.
- The app's failure undermines the EU's push for mandatory digital age checks under the Digital Services Act, risking widespread data breaches.
Why It Matters
This security failure jeopardizes a core EU regulatory enforcement tool and exposes users to identity theft, forcing a rethink of digital age verification.