EU's New Age-Verification App Takes Just Two Minutes to Hack, Because of Course

In a stunning development that will shock precisely no one who has ever used a government tech product, the European Union's new age-verification app, designed to protect children online, can be hacked in about two minutes. The app, a cornerstone of the EU's Digital Services Act, is supposed to verify a user's age using government-issued ID and facial recognition. Researchers, however, demonstrated that a simple video call on a second device, showing a photo of an ID, was enough to trick the system. This elegant, low-tech bypass renders the entire high-tech security theater somewhat moot.

The app, named EU Digital Identity Wallet, is being rolled out as a voluntary tool for platforms to comply with age-restriction rules. Its failure is particularly ironic given the context of other digital privacy nightmares currently making headlines. For instance, Meta is developing facial recognition glasses that privacy advocates warn could become a tool for sexual predators. Meanwhile, a separate crisis involving AI-generated deepfake nudes is spreading through schools, proving that the problem of verifying reality online is pervasive and poorly addressed by quick-fix apps.

This security flaw isn't just a theoretical concern; it's a practical gateway. If a child can use a parent's ID photo on a video call to access age-restricted content, the app's core function is defeated. This comes as Silicon Valley firms are reportedly spending millions to lobby against one of their own proposed regulations, highlighting the chaotic and often contradictory landscape of digital governance. It seems the effort to build walls is matched only by the ease of finding ladders.

Ultimately, the story of this two-minute hack is a classic tech parable: a well-intentioned regulation meets a hastily built solution, resulting in a system that is less about security and more about checking a compliance box. As the EU pushes forward with its digital identity plans, this episode serves as a wry reminder that in the race to govern technology, the simplest exploits are often the most effective. The snake bros getting bitten by their own lethal pets, as another headline notes, is starting to feel like an apt metaphor for the entire industry.