REPORT | WorldCoin’s Orbs Contain No Vulnerabilities, Says New Audit Report

The audit also identified areas for enhancement, suggesting additional hardening of the orb's software and hardware configurations to further improve security.

WorldCoin’s ORB technology adheres to rigorous privacy protocols, especially concerning the processing and storage of personally identifiable information (PII), says a new audit report.

The audit, conducted by cybersecurity firm Trail of Bits, was released on March 13, 2024. It reported that there are no vulnerabilities in the ORB software and validated many of the claims made by WorldCoin.

The audit commenced on August 14, 2023, following concerns raised by multiple regulators worldwide regarding WorldCoin’s collection of biometric data, which led some regulators to ban its operations outright. This includes a suspension in Kenya, where the firm’s activities caused a public uproar.

Trail of Bits’ audit was aimed at meticulously scrutinizing the orb’s software with a particular focus on its treatment of personally identifiable information (PII) and the management of users’ iris codes.

In the default opt-out signup process, the orb gathers no personally identifiable information (PII) except for the iris code. This iris code is neither stored persistently nor transmitted outside the orb. In instances where users choose to opt in, their PII is encrypted on the orb’s solid-state drive (SSD) in a manner that even the orb cannot decrypt, demonstrating a robust commitment to data privacy.

Furthermore, the audit confirmed that the orb does not extract any additional sensitive data from a user’s device. The only information collected is from a QR code, ensuring a minimalistic approach to data collection that aligns with privacy best practices.

Crucially, the iris code, being a critical piece of biometric data, is securely handled throughout its collection and transmission process, effectively mitigating the risk of unauthorized access or interception.

In response to the audit, WorldCoin has implemented changes such as replacing a vulnerable library used for QR code scanning with a more secure alternative.

The Trail of Bits audit represents just one facet of WorldCoin’s continuous endeavors to safeguard the security and privacy of its technology. Given that the ORB technology is pivotal to the WorldCoin project’s mission of offering a universal basic income, these rigorous security evaluations are indispensable for upholding user trust and project integrity.




