Fun

Worldcoin: Trail of Bits audit shows no vulnerability for Orb software

News Feed - 2024-03-14 11:03:36

Christopher Roark9 hours agoWorldcoin: Trail of Bits audit shows no vulnerability for Orb softwareA third-party project audit reportedly claimed that Orb devices do not record users’ iris codes onto persistent memory and only transmit codes through end-to-end encrypted messaging.11331 Total views2 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksHuman identity project Worldcoin has obtained a third-party audit of its Orb software, according to a draft of a March 14 report from the development team seen by Cointelegraph. The audit was performed by Trail of Bits, which claimed to have found no vulnerabilities that “can be directly exploited in relation to the Project Goals as described,” the report stated. The full Trail of Bits report is expected to be published on March 14, according to an emailed statement from Worldcoin.


Worldcoin allows people to verify their humanity by registering with a phone number or email address or by having their iris scanned by an Orb device. When a user performs this registration, they obtain a “World ID” that can be used to prove they are an actual human. The project was co-founded by Sam Altman, who also co-founded ChatGPT developer OpenAI. Altman claimed that he helped to create Worldcoin out of fear that artificial intelligence (AI) bots may soon be able to pose as humans effectively.Source: Worldcoin on X


Privacy advocates have criticized Worldcoin on the grounds that it risks leaking users’ iris scans to hackers or governments. These iris scans could potentially be used to reveal all of the activity a person performs with their World ID.


Related:Spanish court denies Worldcoin’s injunction request against regulator


According to the report from Worldcoin, Trail of Bits began its assessment on Aug. 14, 2023. The security firm was given version 3.1.10, which was “frozen” for assessment purposes on July 8, 2023. The current version is 4.0.34, the report stated.


The auditors reportedly spent six weeks investigating the code for any potential vulnerabilities. They considered several attack vectors that a hacker could use to obtain a user’s iris scan but ultimately concluded that “our analysis did not uncover vulnerabilities in the Orb’s code that can be directly exploited in relation to the Project Goals as described.” Specifically, the auditors concluded that an attacker could not obtain the user’s iris code unless the attacker has control of one of the trusted certificates. They reportedly stated:“We believe the iris code is not written to persistent storage on the Orb and that it is included only in a single request to the Orb’s back end [...] [W]hile this configuration can be improved to make it more secure (TOB-ORB-10), it should not be possible for typical attackers to extract the iris code from the Orb’s network traffic; the attacker would have to be in control of one of the trusted certificates.”


According to the report, the auditors did make two recommendations to improve the Orb’s security. The first was to “harden” the configuration for the signup flow to ensure that future changes do not introduce security issues. The second was to replace the ZBar library used to scan QR codes during signup with a pure Rust version. The auditors claimed that ZBar might have “memory safety” issues that could leak configuration data, such as the user’s “data custody choice,” if this change was not made. The Worldcoin team implemented both of the suggested changes, the report stated.


The debate over Worldcoin’s privacy practices may continue for some time. On March 6, Spain’s Agency for the Protection of Data issued an injunction against the project, claiming that the agency needed time to investigate claims that Worldcoin violated data protection laws. In response, Worldcoin claimed that it did not violate these laws and that the Spanish government was “circumventing EU law” by issuing the injunction.# Blockchain# Privacy# Identity# AI# Worldcoin# RegulationAdd reactionAdd reactionRead moreLazarus Group moves $12M from HTX, HECO hacks to Tornado CashData privacy and security concerns worry nearly half of tech industry consumers: ReportNigerian crypto community split over govt’s bid for Binance user data

News Feed
XRP Surges Past $3.2 As Whale Activity Spikes 81%
Este artículo también está disponible en español. XRP has enjoyed a rally beyond the $3.2 mark as on-chain data shows the cryptocurrency is among the altcoins witnessing
2025-01-18 03:30 AM
Settlement Denied: XRP Drops After Ripple Hits Legal Roadblock
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
2025-05-17 03:00 AM
Bitcoin Dominance Increases, ETH’s Market Share Slides, Stablecoin and Smart Contract Coins Rise
Bitcoin Dominance Increases, ETH"s Market Share Slides, Stablecoin and Smart Contract Coins Rise On Wednesday, the crypto economy of 12,620 coins across 543 exchanges is hovering j
2022-01-20 05:30 AM
Crypto Donations Pour in After Ukraine Government Asks for Bitcoin and Ether — $17 Million Raised so Far
Crypto Donations Pour in After Ukraine Government Asks for Bitcoin and Ether — $17 Million Raised so Far Ukraine has raised more than $17 million in cryptocurrency donations sinc
2022-02-28 01:35 AM
Bitcoin ETF investors buy the dip: Daily inflows hit $295M
Tom Mitchelhill3 hours agoBitcoin ETF investors buy the dip: Daily inflows hit $295MUnited States-listed spot Bitcoin ETFs have notched their biggest day of inflows in over a month amid a slump in the crypto markets.1480
2024-07-09 14:49 PM
Bitcoin hits 16-month high ‘positive sentiment’ as price sits near $68K
Ciaran Lyons2 hours agoBitcoin hits 16-month high ‘positive sentiment’ as price sits near $68KAccording to Santiment data, the term “Bitcoin” is being used more positively on social media now than at any time in
2024-07-28 15:03 PM
The Swappery Cross-Chain DEX Launches Utilizing Casper Blockchain
The Swappery Cross-Chain DEX Launches Utilizing Casper Blockchain press release PRESS RELEASE.With the unprecedented global rise of decentralization and emerging technologies like N
2022-09-02 08:00 AM
Brazil Could Launch Its Defi-Integrated Digital Real in 2024
Brazil Could Launch Its Defi-Integrated Digital Real in 2024 Roberto Campos Neto, president of the Central Bank of Brazil, has stated that the digital real project, the Brazilian c
2022-12-17 13:30 PM
Federal Reserve Board drops enforcement action against Silvergate
Vince Quill6 hours agoFederal Reserve Board drops enforcement action against SilvergateSilvergate Bank, a former crypto-friendly bank, collapsed in March 2023 due to the fallout created by the implosion of the FTX exchan
2024-07-27 02:01 AM
ETH 2.0 Scheduled for December, Vitalik Deposits $1.4M Worth of Ether Into Phase 0 Contract
ETH 2.0 Scheduled for December, Vitalik Deposits $1.4M Worth of Ether Into Phase 0 Contract This December the cryptocurrency community may see the first introduc
2020-11-07 09:30 AM
Tom Mitchelhill19 minutes agoCypher Protocol freezes smart contract after an estimated $1M exploitA crypto wallet suspected to be tied to the exploit shows it gained over $1 million in SOL and UDSC since the attack.81 To
2023-08-08 08:41 AM
DOJ Seizes $500K in Ransom Payments, Cryptocurrency From State-Sponsored North Korean Hackers
DOJ Seizes $500K in Ransom Payments, Cryptocurrency From State-Sponsored North Korean Hackers The U.S. Department of Justice (DOJ) has seized $500K in ransom payments and cryptocur
2022-07-21 12:30 PM