Olivia
Online
ManpaoSam
@ManpaoSam
Manpao
Joined April 2017
105 Following
34 Followers
4.1K Posts
@zandyor New microphone
@Bitcoinprof0637 Imma try it why not, BTC
@DromasGamerHD I can't imagine winning it
@schiz04renic Coconut
@zandyor Ce2hUywe5feHWyiKodqjJpyAfNXzNwWw6nVkt8Z8MncG
@AndrewBolis YouTube
@LegacySiu Sporting
@lunarfq Uhh hello
This is devastating
โผ๏ธ๐ช๐บ The EU's new Age Verification app was hacked with little to no effort.
When you set it up, the app asks you to create a PIN. But that PIN isn't actually tied to the identity data it's supposed to protect. An attacker can delete a couple of entries from a file on the phone, restart the app, pick a new PIN, and the app happily hands over the original user's verified identity credentials as if nothing happened.
It gets worse. The app's "too many attempts" lockout is just a counter in a text file. Reset it to 0 and keep guessing. The biometric check (face/fingerprint) is a simple on/off switch in the same file. Flip it to off and the app skips it entirely.
Hacking the #EU #AgeVerification app in under 2 minutes.
During setup, the app asks you to create a PIN. After entry, the app *encrypts* it and saves it in the shared_prefs directory.
1. It shouldn't be encrypted at all - that's a really poor design.
2. It's not cryptographically tied to the vault which contains the identity data.
So, an attacker can simply remove the PinEnc/PinIV values from the shared_prefs file and restart the app.
After choosing a different PIN, the app presents credentials created under the old profile and let's the attacker present them as valid.
Other issues:
1. Rate limiting is an incrementing number in the same config file. Just reset it to 0 and keep trying.
2. "UseBiometricAuth" is a boolean, also in the same file. Set it to false and it just skips that step.
Seriously @vonderleyen - this product will be the catalyst for an enormous breach at some point. It's just a matter of time.
@tye1337 guide
i'm gonna regret this but...
it's time to leak my entire faceless youtube shorts system
you got 72 hours to get it.
like, RT + reply w/ "guide" and send it to you (must be following)
@DromasGamerHD 30k for world tour
Do you remember when you joined X? I do! #MyXAnniversary
@DromasGamerHD Sheesh cap
Last Seen Users on Sotwe
Habesha private videos only ๐ช๐น๐ช๐ท๐ธ๐ด
Seen from Japan
ไธๅฎ๏ผๅทจ้พๆๅป็๏ผ 
Seen from Thailand
Mike
Seen from United States
Gรผlcan
Seen from Turkey
ุงูุจุฑูุณ
Seen from Egypt
ุงู
ุฏุงููุง๐๐
Seen from Singapore
Shumaila Cpl
Seen from Pakistan
huma shahzadi
Seen from Turkey
.SAA ๐ฆ๐ช
Seen from United Kingdom
Ferhat Yldz
Seen from Turkey
Most Popular Users
Elon Musk
@elonmusk
240.2M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers