The European Commission has launched a new app that will allow users to prove their age when accessing online platforms, helping to protect children from harmful or inappropriate content. However, the system proved to be extremely vulnerable to penetration tests. Security specialists were able to exploit the programming loopholes and crack the app in a record time of under 120 seconds.
The European Commission has launched a European application for verifying the age of children. Photo by Shutterstock
As children spend more time online than ever, their safety has become a major concern, with widespread cases of harassment and platforms with addictive designs, the European Commission recently reported.
To prevent exposure to harmful and illegal content as well as sexual harassment by online predators, the Commission has proposed a European solution, claiming that the new age verification app is easy to use and can be set up using a passport or ID card, allowing users to prove their age when accessing online services.
“The app is completely anonymous, works on any device and is completely open source, which means that partner countries around the world can also adopt it. The app is a free and easy-to-use solution to increase children's online safety that online platforms can easily rely on. Some EU countries are already planning to integrate the app into their national digital identity wallets, and the Commission President has called on more EU countries and the private sector to follow suit.
The EU remains committed to making the digital world safer for children. With the age verification app, the EU is taking decisive action to protect children and hold online platforms accountable, reinforcing the priority of children's safety over commercial interests.” recently informed the Commission.
Hackers say it takes 2 minutes to crack it
Cyber experts say they have found loopholes in Brussels' age-verification app, despite claims by the EU executive that it is “technically ready”, writes Politico.
Hours after the app was released by the EU, security consultant Paul Moore discovered that it stored sensitive data on a user's phone and left it unprotected, according to a widely shared post on X. Moore claimed to have cracked the app in less than 2 minutes.
Baptiste Robert, a prominent French hacker of the “white hat,” confirmed many of the issues and stated that it was possible to bypass the app's biometric authentication features, meaning someone could opt out of entering a PIN or using Touch ID to access the app.
The day millions of children lost access to social media. Australia becomes the country with the strictest rules
Olivier Blazy, a cryptographic researcher who is part of a French working group on digital identity, said: “Let's say I downloaded the app, proved I'm over 18, then my nephew can take my phone, unlock the app and use it to prove he's over 18.”
The European Commission on Friday maintained its statement that the application is technically ready. “Yes, it's ready «and can always be improved»”, chief spokesperson Paula Pinho told reporters.
Digital department spokesman Thomas Regnier said: “Now when we say it's a final version, it's… still a demo version”. He added that the final product is not yet available to citizens and “the code will be constantly updated and improved… I can't rule out today whether or not further updates will be needed.“
The European Commission said Thursday that hackers are investigating a “demo version” previous to the app, launched in “testing and development purposes“. Vulnerability “has been fixed“, she specified.
But both Moore and Blazy said they were running their tests online on the latest version of the EU code.
“Half Baked”
The online row over the EU application reveals a bitter divide over how to manage internet users' access to everything from pornographic sites to social media platforms.
The EU and many of its member countries are trying to implement methods of verifying the age of people online – driven by political pressure to better protect children online.
French President Emmanuel Macron brought together heads of state from across Europe for a video call on the issue, attended by von der Leyen, Giorgia Meloni (Italy), Pedro Sánchez (Spain), Friedrich Merz (Germany) and other leaders.
Australia in December became the first country in the world to implement restrictions on children's use of social media, effectively banning under-16s from using popular platforms such as TikTok and YouTube.
The European Commission launched a 4 million euro tender for the age verification app in 2024 late last year, which was won by Swedish digital identity company Scytáles and Deutsche Telekom.
The app allows users to verify their age through their passport, national ID or through trusted providers such as a bank. Technology platforms can ask the app if a person is over a certain age, but would not have access to more personal data – through what is known as the method “zero-knowledge proof” carefers to the preservation of confidentiality.
National governments can also design their own apps, and the apps are meant to work together to enable seamless age checks across the community block.
Article supported by eMag
