The European Commission’s big bet to help resolve what is considered a major priority in combating minors’ access to content on the internet has suffered a serious blow to its credibility. Just one day after being theofficially presented to President Ursula von der Leyenthe European Union’s new age verification application has been exposed by cybersecurity experts as being vulnerable to extremely simple attacks, by anyone.
British researcher Paul Moore, from Simply Secure Grouppublished, less than 24 hours after the app’s launch, a detailed demonstration proving that the application’s security can be circumvented.
According to Moore, the “pirating” process takes less than two minutes and does not even require advanced computer skills, just physical access to the device.
The flaw lies in the application’s local storage architecture. Moore demonstrated that the tool saves the security PIN code in an editable configuration file within the cell phone system. By manipulating two specific values in a text file (shared_prefs), a user can:
– Delete the existing PIN.
– Set a new access code without knowing the previous one.
– Even reset the failed attempt counter, allowing unlimited “brute force” attacks.
Once the PIN is changed, the system allows full access to the already verified identity credentials, which means that a minor could, theoretically, bypass the protection of a device shared or configured by their parents.
Leave a Reply