• Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Login
Join Free
Home
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Coming Soon
Job Board
Events
Contact Awards
USMC Deception Manual
Login
Join Free
Home Global Operations Europe

EU Declared Age App “Ready” While GitHub Flagged it Unfit, Then Hackers Bypassed It in 2 Minutes

  • SOFX Staff Writer
  • April 20, 2026
(VGV MEDIA / Shutterstock.com)
Share on FacebookShare on TwitterLinkedIn

Security researchers bypassed the European Commission’s new age verification app in under two minutes on April 16, days after Commission President Ursula von der Leyen declared the open-source tool “technically ready,” even as the app’s own GitHub repository carried an explicit warning that the code was not suitable for real-world use.

Our app ticks all the boxes.

✅ Highest privacy standards in the world
✅ Works on any device
✅ Easy to use
✅ Fully open source pic.twitter.com/EUqHlA3ts0

— Ursula von der Leyen (@vonderleyen) April 15, 2026


UK-based security consultant Paul Moore posted a screen-recorded demonstration to X showing that deleting encrypted PIN entries from the app’s eudi-wallet.xml configuration file allowed an attacker to set a new PIN while retaining access to existing verified credentials.

The same configuration file stored the PIN attempt counter as a plain integer that could be reset to zero, enabling unlimited guessing attempts.

A single boolean value in the same file disabled biometric authentication entirely. Moore’s post, which tagged von der Leyen directly, drew more than 3.2 million views.

Hacking the #EU #AgeVerification app in under 2 minutes.

During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.

1. It shouldn’t be encrypted at all – that’s a really poor design.
2. It’s not… https://t.co/z39qBdclC2 pic.twitter.com/FGRvWtWzaZ

— Paul Moore – Security Consultant (@Paul_Reviews) April 16, 2026


A review of the Commission’s GitHub repository for the app revealed an explicit notice stating the code represented an early-stage release. The disclaimer warned that security and privacy protections fell below the standards of the intended final product and that the application was not recommended for real-world deployment. President von der Leyen’s April 15 announcement, however, contained no such qualifications.

After Politico reported the vulnerabilities, the Commission stated that researchers had tested a “demo version” released only for development purposes and that the flaw “was fixed.”

Both Moore and cryptographic researcher Olivier Blazy said their tests were conducted on the latest version of the code published to GitHub.

Digital spokesperson Thomas Regnier then walked back the “final version” framing, stating, “When we say it’s a final version, it’s still a demo version.”

Blazy, part of a French government digital identity task force, described a scenario in which a minor could access a verified adult’s profile to pass an age check. “Such a rushed launch could undermine trust in future digital identity wallets,” he said.

Baptiste Robert, a French white-hat hacker, separately confirmed to Politico that the biometric authentication bypass was reproducible.

Telegram founder Pavel Durov posted on X on April 17 predicting that Brussels would use the security failure to strip privacy protections from the app, characterizing the outcome as “a surveillance tool sold as privacy-respecting.”

The “age verification app” the EU wants to impose on the world got hacked in 2 minutes.

Step 1: Present a “privacy-respecting” but hackable solution.
Step 2: Get hacked (you are here).
Step 3: Remove privacy to “fix” it.

Result: a surveillance tool sold as “privacy-respecting”.

— Pavel Durov (@durov) April 17, 2026


The app was built under a €4 million Commission tender awarded to Swedish digital identity firm Scytales and Deutsche Telekom. It uses zero-knowledge proof (ZKP) technology, which allows platforms to confirm a user’s age without accessing broader personal data.

More than 400 cybersecurity and privacy researchers had written to the Commission in March requesting a moratorium on deployment pending independent security review.

SOFX Staff Writer

SOFX Staff Writer

The Editor Staff at SOFX comprises a diverse, global team of dedicated staff writers and skilled freelancers. Together, they form the backbone of our reporting and content creation.

Subscribe
Login
Notify of
guest
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
ADVERTISEMENT

Trending News

Air Force Releases Unprecedented B-21 Raider Photos Mid-Refueling

Air Force Releases Unprecedented B-21 Raider Photos Mid-Refueling

by SOFX Staff Writer
April 16, 2026
0

The U.S. Air Force has released the first overhead images of the B-21 Raider, offering a rare top-down view of...

Fairfield Neighbor Who Stormed Home as Fictional Wizard Faces Felony Charges in Court Today

Fairfield Neighbor Who Stormed Home as Fictional Wizard Faces Felony Charges in Court Today

by SOFX Staff Writer
April 13, 2026
4

Jason Thomas Nichols, 30, of Fairfield, California, was arrested April 7, 2026, after forcing his way into a neighbor's home...

Nuclear Contractor Vanishes in Albuquerque, Becoming 10th Defense Expert to Die or Disappear as White House Vows Review

Nuclear Contractor Vanishes in Albuquerque, Becoming 10th Defense Expert to Die or Disappear as White House Vows Review

by SOFX Staff Writer
April 16, 2026
0

A government contractor with top security clearance at one of the nation's primary nuclear weapons production facilities disappeared from Albuquerque,...

Ukraine Claims First-Ever Capture of Russian Position Using Drones and Ground Robots

Ukraine Claims First-Ever Capture of Russian Position Using Drones and Ground Robots

by SOFX Staff Writer
April 14, 2026
1

For the first time, Ukrainian forces have captured a Russian position using only drones and unmanned ground vehicles (UGVs), President...

ADVERTISEMENT
ADVERTISEMENT
Next Post
Kyiv Gunman Set Fire to Apartment, Then Shot Six Dead With His Own Licensed Weapon

Kyiv Gunman Set Fire to Apartment, Then Shot Six Dead With His Own Licensed Weapon

Japan and Australia Sign Four Separate Defense Agreements in Single Melbourne Ceremony

Japan and Australia Sign Four Separate Defense Agreements in Single Melbourne Ceremony

997 Morrison Dr. Suite 200, Charleston, SC 29403

News

  • Global Operations
  • Special Interest
  • Industry
  • Global Operations
  • Special Interest
  • Industry

Resources

  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
No Result
View All Result
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.

Log in to your account

Lost your password?
wpDiscuz