by Retr0id 838 days ago
Hardware enclaves are never 100% impenetrable; it comes down to making the cost of attack greater than what an attacker expects to gain. Traditional card payment terminals use nominally secure hardware and yet struggle with that tradeoff to this day, and I'm not convinced WorldCoin will do any better.

The SoC they're using, the Jetson Xavier NX, is a cousin of the very thoroughly pwned (secure enclaves and all) TX1.

Further, they don't describe how the busses connecting the sensors to the SoC are encrypted and/or authenticated, which leads me to believe that they are not.

Intel gave up on shipping SGX in consumer devices because (imho) shipping secure enclaves directly to "adversaries" (the consumer being an adversary under the SGX threat model) proved too difficult to maintain.

2 comments

They talk about a future bug bounty program - I'm certainly intrigued, and if the up-front hardware costs aren't too high I might give it a go.

> (the consumer being an adversary under the SGX threat model) proved too difficult to maintain.

This is what's wrong with so much of this "security" tech. It's not for our security but for that of the businesses and their business models behind it.