Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wprss domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/web/domains/solanachain.news/public_html/wp-includes/functions.php on line 6114
Solana Refutes CertiK’s Findings on Saga Phone Vulnerability – Solana Chain News – One Stop News Solution for Solana

Solana Refutes CertiK’s Findings on Saga Phone Vulnerability

Solana Dismisses CertiK’s Findings

Solana Labs has dismissed a recent video by CertiK, stating that the blockchain security firm made several inaccurate claims about a potential security vulnerability in Solana’s Saga phone.

Saga Phone Overview

Saga is Solana’s crypto-enabled Android phone and was released in April. The phone is designed to pair Web3 with smartphones.

The CertiK Video

CertiK, in a post on X (formerly Twitter) on the 15th of November, claimed that the Saga phone contained a critical vulnerability known as a “bootloader unlock” vulnerability. The vulnerability could give malicious actors a backdoor entry into the phone and compromise the initial software responsible for the starting of the device to be compromised.

CertiK also claimed the bootloader vulnerability would allow any attacker with physical access to a phone to load custom firmware that contains a root backdoor. CertiK stated,

  • “We demonstrate that this can compromise the most sensitive data stored on the phone, including cryptocurrency private keys. The boot loader is unlocked, and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers. Do not store any sensitive data on the device.”

The message from CertiK indicates that the phone could be hacked. However, it isn’t yet clear if the vulnerability is unique to the Saga phone or if it could impact other Android devices.

Solana Calls CertiK Claims Inaccurate

However, Solana has dismissed CertiK’s concerns about any potential vulnerability in the Saga phone. Lead software engineer of mobile at Solana Labs, Steven Laver, stated that the CertiK video did not reveal any known vulnerability or security threat to Saga users. Instead, the video only demonstrates the user unlocking the bootloader, which Laver stated could be done on any Android device.

“The CertiK video does not reveal any known vulnerability or security threat to Saga holders. The video shows the user unlocking the bootloader, which is something that can be done on many Android devices.”

Android’s internal Open Source Project documentation also shows that unlocking a bootloader is an action that can be performed across several Android devices. Laver further added,

“Unlocking the bootloader is an advanced feature of Saga and is disabled by default. We believe in allowing users the choice of how they use their phone. However, unlocking the bootloader is not a security vulnerability – a user must explicitly allow such changes to be made to their device, and those changes can only be made by an authorized user of the phone.”

However, if the user or attacker proceeds to unlock the bootloader, they not only go through multiple warnings but their device is wiped, along with their private keys. Laver added that this process could not be done without the user’s awareness or active participation. The video then showed how the attacker could drain BTC from the wallet attached to the phone. However, it did not show Seed Vault in the video. Seed Vault protects supported digital assets and seeds.

The Saga Phone

Saga was launched in April and was designed to pair the Web3 ecosystem with smartphones. Apart from traditional app stores, Solana also offers a separate app store. The phone allows users to have self-custody of their assets and keep them with them on the go. A few months after its launch, Solana slashed the price of Saga by 40%, from $1000 to $599.

At the time, the head of business operations for Solana Mobile, Emmett Hollyer, stated that price reduction was a common strategy employed in the consumer electronics business, particularly when it came to smartphones.

Leave a Reply

Your email address will not be published. Required fields are marked *