⚡🇪🇺 NEW - Security researcher Paul Moore has demonstrated ho...

FLASH

npub1f4uyypghstsd8l4sxng4ptwzk6awfm3mf9ux0yallfrgkm6mj6es50r407

hex

56f0f41f7819cf8dd01bd9e7a9bfd4db04c6e500953d34390b211ea5bc11fe56

nevent

nevent1qqs9du85raupnnud6qdaneafhl2dkpxxu5qf20f58y9jz849hsglu4sprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsy67zzq5tc9cxnl6crf52s4hptdwhyaca5j7r8jwll535tdadedvctt50uc

Kind-1 (TextNote)

2026-04-16T12:50:48Z

⚡🇪🇺 NEW - Security researcher Paul Moore has demonstrated how the EU age verification app can be compromised in under 2 minutes with nothing more than physical access to a device.

By editing the app’s shared preferences file an attacker can remove the encrypted PIN values, reset the rate limiting counter to zero, and disable biometric requirements entirely.

The app then accepts a new PIN and grants access to the existing age verification credentials.

His earlier analysis of the open source code also revealed that the app stores NFC biometric facial data and user selfies as unencrypted lossless PNG files on the device.

Deletion is incomplete, leaving the images at risk even after processing.

Europe is so cooked https://blossom.primal.net/8c11349c7317ae0691301bd7373d3668ef3bde97002b117cbfc69eeb248782bf.mp4

Raw JSON

{
  "kind": 1,
  "id": "56f0f41f7819cf8dd01bd9e7a9bfd4db04c6e500953d34390b211ea5bc11fe56",
  "pubkey": "4d7842051782e0d3feb034d150adc2b6bae4ee3b49786793bffa468b6f5b96b3",
  "created_at": 1776343848,
  "tags": [],
  "content": "⚡🇪🇺 NEW - Security researcher Paul Moore has demonstrated how the EU age verification app can be compromised in under 2 minutes with nothing more than physical access to a device. \n\nBy editing the app’s shared preferences file an attacker can remove the encrypted PIN values, reset the rate limiting counter to zero, and disable biometric requirements entirely. \n\nThe app then accepts a new PIN and grants access to the existing age verification credentials.\n\nHis earlier analysis of the open source code also revealed that the app stores NFC biometric facial data and user selfies as unencrypted lossless PNG files on the device. \n\nDeletion is incomplete, leaving the images at risk even after processing.\n\nEurope is so cooked https://blossom.primal.net/8c11349c7317ae0691301bd7373d3668ef3bde97002b117cbfc69eeb248782bf.mp4",
  "sig": "d67130b417784586f61f65e7231093ba55f2bbc88900ae6d15a67cd1c46cf60bb4875c5e85cf250e8009a5c4e3b071856822d8de17988fe94984239b7fdbd491"
}