EU's Age Verification App: Security Flaws and Privacy Concerns (2026)

The European Union's (EU) new Age Verification app, touted as a safeguard for children online, has already been compromised, raising serious concerns about its effectiveness and the potential risks it poses. This app, launched by EU chief Ursula von der Leyen, aims to standardize age checks across online services, mirroring the success of its Covid-era vaccine verification tool. However, security researcher Paul Moore has exposed critical vulnerabilities, highlighting why this app is fundamentally flawed and may not be the panacea it's intended to be.

The Flaws in the System

Moore's analysis reveals a critical oversight in the app's design. He points out that the app fails to protect against relay attacks, where an attacker can manipulate the verification process by using a remote Android device to return a valid attestation. This means that the app, which is supposed to verify the age of a specific user, can be easily bypassed, effectively replacing 'I am over 18' with 'someone is over 18'. This is a significant issue, as it undermines the very purpose of the app and leaves a gaping hole in its security.
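As an added illustration (not from the original article, and not the EU app's actual protocol), this simplified model shows why a fresh challenge stops a replayed answer but not a relayed one. The HMAC key stands in for a hardware-backed attestation key, and all names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a hardware-backed attestation key on an adult's phone.
DEVICE_KEY = secrets.token_bytes(32)


class Verifier:
    """Relying party: issues one-time challenges and checks the signed answer."""

    def __init__(self, device_key):
        self._key = device_key
        self._open = set()  # nonces issued and not yet used

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._open.add(nonce)
        return nonce

    def verify(self, nonce, claim, tag):
        if nonce not in self._open:
            return False  # unknown or already-used nonce: replay rejected
        self._open.discard(nonce)
        expected = hmac.new(self._key, nonce + claim, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def attest(device_key, nonce):
    """What the credential-holding device returns for any challenge it is handed."""
    claim = b"over_18=true"
    return claim, hmac.new(device_key, nonce + claim, hashlib.sha256).digest()


def local_session(verifier):
    """The person at the browser owns the attesting device."""
    nonce = verifier.challenge()
    claim, tag = attest(DEVICE_KEY, nonce)
    return verifier.verify(nonce, claim, tag)


def relayed_session(verifier):
    """The challenge is forwarded unchanged to a device held by someone else."""
    nonce = verifier.challenge()
    claim, tag = attest(DEVICE_KEY, bytes(nonce))  # same bytes, different place
    return verifier.verify(nonce, claim, tag)


def replayed_session(verifier):
    """An old answer is resubmitted against a nonce that was already used."""
    nonce = verifier.challenge()
    claim, tag = attest(DEVICE_KEY, nonce)
    verifier.verify(nonce, claim, tag)
    return verifier.verify(nonce, claim, tag)
```

The verifier sees identical inputs in the local and relayed sessions, so signature and freshness checks alone establish only that some credential-holding device answered.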

The Misalignment of Interests

One of the most concerning aspects of the app's design is the misalignment between the system's interests and the user's interests. In virtually every other scenario, the user and the system are aligned in protecting the user's biometric data. However, in the case of age verification, most users do not want to present their ID simply to access a website. This means that the architecture, which assumes the user is the protected party, is flawed. The user can easily bypass the system, and the architecture doesn't consider this possibility.

The Importance of Physical Access

Those who argue that the app requires physical access to the device and root access are missing the point. The disclosures demonstrate that the user, not the system, is the threat actor. The app's design doesn't account for the fact that the user can root their device and create a Chrome extension to bypass the system. This is particularly concerning, as it's precisely those under 18 who are motivated to bypass the verification process.

The Broader Implications

The implications of these flaws are far-reaching. If the app is exploited, will company directors and staff face fines, legal action, or imprisonment for not protecting children? The app's design, which fails to protect against relay attacks and misaligns the interests of the user and the system, raises serious questions about its effectiveness and the potential risks it poses. The app, which was supposed to be a safeguard for children, may actually be doing more harm than good.

The Way Forward

The EU must address these critical flaws in the app's design. It's essential to re-evaluate the threat model and consider the user as a potential threat actor. The app's architecture needs to be revised to account for the possibility of relay attacks and the user's ability to bypass the system. Only then can the app live up to its promise of keeping children safe online.


Author: Dr. Pierre Goyette
