Thomas Daniels

Published On: 15/03/2024
Share it!
Trail of Bits Clears Worldcoin's Identification Protocol of Vulnerabilities, Amid Rising Security Concerns
By Published On: 15/03/2024

Trail of Bits conducted an independent assessment of Worldcoin’s decentralized identification protocol. This evaluation revealed that on August 14, 2023, the Trail of Bits professionals initiated an examination of the Worldcoin’s software and the Orb device, which is designed to perform iris scans of users. Over a six-week period, these experts meticulously analyzed the code to identify any potential security weaknesses. This included the simulation of various cyber-attack scenarios to assess if user data could be compromised. The findings were reassuring, indicating that the code of the device is free from vulnerabilities that could be exploited.

Furthermore, the audit highlighted that it would be challenging for potential cybercriminals to intercept iris data from the Orb’s network traffic. Such an attempt would require the hacker to gain control over a trusted certificate, presenting a significant barrier to unauthorized data extraction.

The conclusion of the Trail of Bits team was clear: “We found no exploitable vulnerabilities in the Orb’s code concerning the stated project objectives.”

This audit’s publication coincided with a notable, albeit temporary, appreciation in the value of Worldcoin’s native cryptocurrency, WLD, which saw a 4% increase from $9.50 to $9.90. Despite this brief surge, the cryptocurrency’s value later adjusted to $9.60, as per the latest figures from CoinMarketCap, marking a 20% decline from its peak value of $11.82 on March 10.

The security of Worldcoin has been a topic of discussion for some time. In March, Spain’s data protection authority (AEPD) issued a directive to Worldcoin to cease the collection of personal data and to manage the data already gathered responsibly. Since its debut in July 2023, the initiative has come under scrutiny in various countries, including Germany, France, the U.K., and Kenya, over privacy concerns.

In a further development, authorities in Hong Kong conducted a search of the company’s premises in January, and in early March, South Korea launched an investigation into the startup for its practices around the collection of biometric information.

source