Solana shuts down ‘false’ CertiK report on Saga phone security flaws
A recent video from blockchain security firm CertiK made a series of “false” claims about potential security vulnerabilities in Solana's crypto-enabled Saga phone, Solana Labs said.
In a November 15 post on X (formerly Twitter), CertiK said the Saga phone has a “critical vulnerability” known as a “bootloader” unlock, which is believed to allow a malicious actor to install a hidden backdoor into the phone.
Ever wondered about the security of your Web3 devices?
Our latest exploration reveals a significant bootloader vulnerability in the Solana phone, a challenge not only for this device but for the entire industry. Our commitment to improving safety standards is unwavering. …pic.twitter.com/lHZ5W7hXzy
— CertiK (@CertiK) November 15, 2023
According to a report CertiK sent to Cointelegraph, the bootloader unlock “allows an attacker with physical access to the phone to install custom firmware with a root backdoor.”
“We show that this can compromise highly sensitive data stored on the phone, including cryptocurrency private keys,” the CertiK report said.
However, a Solana Labs spokesperson told Cointelegraph that CertiK's claims were untrue and that the video showed no legitimate threat to the Saga device.
“CertiK's video does not disclose any known vulnerabilities or security risks to Saga owners.”
According to the Android Open Source Project's documentation, bootloader unlocking can be done on a variety of Android devices.
To unlock the Solana Labs bootloader and install custom firmware, an attacker would have to go through several steps, and could do so only after unlocking the device with the user's passcode or fingerprint.
“Unlocking the bootloader wipes the device, which users often worry about when unlocking the bootloader, so it's not a process that takes place without users' active participation and awareness,” Solana Labs said.
Additionally, if anyone proceeds to unlock the bootloader on an Android device, they will receive a series of warnings about the implications of the process.
If they ignore these warnings, the device will be wiped, along with their private keys.
The Solana Saga phone was released in April 2022 at a price of $1,099. The phone offers a Web3-native DApp store in a bid to integrate crypto applications with tech hardware.
In April, we introduced Saga with a clear vision: to put web3 at your fingertips. We will continue to work to bring more people into the ecosystem and lead the mobile future of Web3. Today we're dropping the Saga price to $599.
Over the past four months, Saga users have… pic.twitter.com/qpC1BHiqZ7
— Solana Mobile (@solanamobile) August 9, 2023
Four months later, however, Solana dropped the price to $599 — following a sharp drop in sales.
CertiK did not immediately respond to a request for comment on Solana Labs' denial.