📣 Worldcoin's Software Passes Security Audit with Flying Colors
posted 14 Mar 2024
Trail of Bits, a cybersecurity company, has announced that the software behind Worldcoin's Orb device, which scans users' irises, is free of exploitable flaws that could unduly accelerate the project's progression.
The audit report highlights that the Orb device does not retain any personal data during its operation. Instead, it securely sends the scanned iris's unique code to the company's server via encrypted channels. This thorough examination of the software's various iterations took more than seven months to complete.
In addition to the audit findings, two security improvement recommendations were made: overhaul the device's registration process, and replace the ZBar library used for QR code scanning with a more secure Rust version to mitigate potential data breaches. Worldcoin has promptly addressed and implemented these suggestions.
Earlier actions by Spanish regulators to suspend Worldcoin's activities raised issues regarding privacy risks, the involvement of minors, and the irrevocable consent for using biometric data, which the company has criticized as contrary to EU legislation.