New EU age verification has been hacked in under 2 minutes

Privacy Guides Community [Unofficial] April 16, 2026

Found this interesting tweet at X:

Hacking the #EU #AgeVerification app in under 2 minutes.

During setup, the app asks you to create a PIN. After entry, the app encrypts it and saves it in the shared_prefs directory.

  1. It shouldn’t be encrypted at all - that’s a really poor design.
  2. It’s not cryptographically tied to the vault which contains the identity data.

So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.

After choosing a different PIN, the app presents credentials created under the old profile and lets the attacker present them as valid.

Other issues:

  1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
  2. “UseBiometricAuth” is a boolean, also in the same file. Set it to false and it just skips that step.

Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It’s just a matter of time.

In the tweet the guy provided a video.

source: https://x.com/Paul_Reviews/status/2044723123287666921
