Security Experts Warn Discord Age Checks Create 'Identity Honey Pot'
Security Experts Warn Discord Age Checks Create ‘Identity Honey Pot’ 🚨
Security experts are raising alarms about Discord’s new age verification measures, warning that they may inadvertently create an “identity honey pot” for attackers. As platforms implement stricter safety controls, users often seek ways to bypass these barriers. Nic Adams, CEO of 0rcus, emphasizes that mandatory age verification systems are likely to be targeted by malicious actors.
Discord plans to roll out its “teen-by-default” settings in March, requiring adults to verify their age to access sensitive content. This decision follows a breach last autumn linked to a third-party vendor, highlighting the risks associated with outsourcing identity checks.
Methods of Age Verification 🔍
Discord’s approach includes three primary methods for verifying age:
- Document checks with selfies
- AI-based age estimation
- Database or card-based verification
The platform is leaning towards AI inference, claiming that most users won’t need to upload IDs or complete facial scans. However, security researchers argue that these systems are often designed for compliance rather than security, making them vulnerable to determined attackers.
Bypass Techniques 🚫
Kwangyun Keum, an offensive security engineer, notes that many age verification systems assume users will follow the rules, which is not the case in reality. Teens are already adept at bypassing age restrictions, with studies showing that a significant percentage of children under 13 regularly navigate around social media safeguards.
Keum outlines various technical and non-technical methods for bypassing age verification, including the use of fake identities and sophisticated presentation attacks. One popular method involves using realistic game characters to spoof facial recognition systems.
For more details, check out the full article here: Read full article