Worldcoin has found a vulnerability that allows you to bypass verification
Date: 2023-08-05 Author: Karina Ziganova Categories: CRYPTO PAYMENTS, IN WORLD
Blockchain security firm CertiK has reported problems in the system of Sam Altman's Worldcoin project.
Back in May, CertiK discovered a vulnerability in the Worldcoin verification process that could potentially allow hackers to compromise user data and bypass the identity verification process. The Worldcoin team later confirmed the vulnerability and took steps to fix it.
However, as noted in CertiK, regulators still express concern about the safety of user data on the platform. Therefore, the incident highlights the importance of proper cybersecurity measures for any platform that handles sensitive information about users, CertiK concluded.
Dozens of security issues
The published audit report also showed that the project found a number of security problems. The Nethermind auditor identified 26 protocol security issues. At the verification stage, 24 (92.6%) of them were corrected. Least Authority found three issues and provided six proposals, all of which have been resolved or are about to be resolved.
However, most of the identified vulnerabilities have been or will be resolved in the near future, with the exception of one, which is still under evaluation.
Authorities are investigating Worldcoin
Earlier, journalists, citing the head of the Bavarian State Office for Supervision of Data Protection, Michael Will, reported that the German regulator had begun proceedings against the American startup back in November 2022.
The reason for the investigation was concerns about the processing of sensitive data in large volumes. According to Will, retinal scanning technology "is not properly analyzed for a specific purpose in the field of financial communication."
In addition to Germany, the activities of the project are being studied by the British Information Commissioner's Office. How long ago the investigation began is not specified. The French data protection regulator (CNI) also questions the legality of collecting user biometric data, and the Kenyan Ministry of the Interior has suspended Worldcoin's local operations.
