Solana Dismisses CertiK Report On Saga Phone Vulnerability

Desk of Contents

Solana Labs has dismissed a contemporary video by CertiK, stating that the blockchain security company made a variety of inaccurate claims a few potential security vulnerability in Solana’s Saga phone. 

Saga is Solana’s crypto-enabled Android phone and was launched in April. The phone is designed to pair Web3 with smartphones. 

The CertiK Video 

CertiK, in a publish on X (beforehand Twitter) on the fifteenth of November, claimed that the Saga phone contained a necessary vulnerability typically known as a “bootloader unlock” vulnerability. The vulnerability may give malicious actors a backdoor entry into the phone and compromise the preliminary software program program accountable for the start of the system to be compromised. CertiK moreover claimed the bootloader vulnerability would allow any attacker with bodily entry to a phone to load personalized firmware that includes a root backdoor. CertiK stated, 

“We exhibit that this might compromise primarily essentially the most delicate data saved on the phone, along with cryptocurrency private keys. The boot loader is unlocked, and software program program integrity can’t be assured. Any data saved on the system may be on the market to attackers. Don’t retailer any delicate data on the system.”

The message from CertiK signifies that the phone may probably be hacked. Nonetheless, it isn’t however clear if the vulnerability is unique to the Saga phone or if it would have an effect on totally different Android models. 

Solana Calls CertiK Claims Inaccurate 

Nonetheless, Solana has dismissed CertiK’s points about any potential vulnerability inside the Saga phone. Lead software program program engineer of cell at Solana Labs, Steven Laver, stated that the CertiK video didn’t reveal any acknowledged vulnerability or security menace to Saga clients. Instead, the video solely demonstrates the particular person unlocking the bootloader, which Laver stated may probably be carried out on any Android system. 

“The CertiK video doesn’t reveal any acknowledged vulnerability or security menace to Saga holders. The video reveals the particular person unlocking the bootloader, which is one factor which may be carried out on many Android models.”

Android’s internal Open Provide Mission documentation moreover reveals that unlocking a bootloader is an movement which may be carried out all through a variety of Android models. Laver further added, 

“Unlocking the bootloader is a classy perform of Saga and is disabled by default. We think about in allowing clients the collection of how they use their phone. Nonetheless, unlocking the bootloader shouldn’t be a security vulnerability – an individual ought to explicitly allow such modifications to be made to their system, and other people modifications can solely be made by a licensed particular person of the phone.”

Nonetheless, if the particular person or attacker proceeds to unlock the bootloader, they not solely bear a variety of warnings nonetheless their system is wiped, along with their private keys. Laver added that this course of couldn’t be carried out with out the particular person’s consciousness or energetic participation. The video then confirmed how the attacker may drain BTC from the pockets linked to the phone. Nonetheless, it didn’t current Seed Vault inside the video. Seed Vault protects supported digital belongings and seeds. 

Seed Vault was launched in 2022 and may entry the most effective privileged security environment on the market on a device. This consists of protected working modes of the processor to devoted Secure Components, which assure a protected transaction signing experience by means of UI elements constructed into Android. 

The Saga Phone 

Saga was launched in April and was designed to pair the Web3 ecosystem with smartphones. Other than typical app outlets, Solana moreover affords a separate app retailer. The phone permits clients to have self-custody of their belongings and maintain them with them on the go. Numerous months after its launch, Solana slashed the price of Saga by 40%, from $1000 to $599.

On the time, the highest of enterprise operations for Solana Cell, Emmett Hollyer, stated that value low cost was a typical method employed inside the shopper electronics enterprise, notably when it received right here to smartphones. 

Disclaimer: This textual content is obtainable for informational capabilities solely. It isn’t provided or meant to be used as approved, tax, funding, financial, or totally different advice.