EU Age Verification App Vulnerable to Hacking in Under 2 Minutes

Severity: High (Score: 66.0)

Sources: Cybersecuritynews, Cybernews, Thecyberexpress, Rss.Slashdot

Summary

The European Commission's newly launched age verification app, aimed at protecting minors online, has been compromised by security consultant Paul Moore, who demonstrated a bypass of its security in under two minutes. The app, designed to allow users to prove their age without sharing personal data, has been criticized for fundamental design flaws that make it susceptible to attacks. Moore highlighted that the app's encryption is not securely tied to the user's identity, allowing attackers to reset PINs and bypass biometric checks easily. The app was officially announced on April 14, 2026, and is intended to support compliance with the EU's Digital Services Act. However, its vulnerabilities raise serious concerns about the safety of children online. The app's rollout comes amid increasing scrutiny of online platforms and their responsibility to protect young users. As of now, the app's security flaws have prompted calls for immediate reassessment and potential redesign. Key Points: • The EU's age verification app can be hacked in under 2 minutes, exposing security flaws. • Security expert Paul Moore identified critical vulnerabilities in the app's design. • The app aims to protect minors but raises significant concerns about online safety.

Key Entities

• Brute Force (attack_type)
• Data Breach (attack_type)
• European Commission (company)
• Australia (country)
• United Kingdom (country)
• CWE-200 - Exposure of Sensitive Information (cwe)
• CWE-287 - Improper Authentication (cwe)
• T1110 - Brute Force (mitre_attack)