Solana Labs, the company behind Solana (SOL), has denied the security vulnerability claim made by the cybersecurity firm, CertiK, against the Saga smartphone. Solana Labs alleged that CertiK made a series of false claims about a potential security vulnerability in Saga, a crypto-enabled smartphone, in a recent video.
Solana Labs Denies CertiK’s Alarming Saga Claim
CertiK, in a tweet on November 15th, stated that the Saga smartphone contained a critical security vulnerability that could allow a malicious actor to install a hidden backdoor on the phone, known as a “bootloader unlock” attack.
CertiK’s report highlighted that unlocking the bootloader would allow a physically present attacker to install customized firmware containing a root backdoor. The report stated, “This could jeopardize the most sensitive data stored on the smartphone, including private keys for cryptocurrency wallets.”
A spokesperson for Solana Labs stated in response to the report that CertiK’s claims were false and emphasized that the video did not demonstrate any legitimate threat to Saga users. They said, “CertiK’s video does not reveal any known security vulnerability or threat to Saga users.”
The Android Open Source Project documentation shows that unlocking a bootloader can also be done on various other Android devices. Solana Labs added that an attacker would need to go through multiple steps to unlock the bootloader and install custom device software, which can only be done after unlocking the device using the user’s password or fingerprint.
Solana Labs stated, “Unlocking the bootloader erases data on the device, and users are prompted multiple times when unlocking the bootloader, so it is not a process that can happen without the active participation or awareness of the user.” Additionally, it was emphasized that when attempting to unlock the bootloader on an Android device, a series of warnings about the consequences of the process is given, and if these warnings are ignored, the device’s data, including private keys, will be erased.
Saga Was Released in April 2022
As known, Solana released the crypto-enabled smartphone, Saga, in April 2022 with a price tag of $1,099. The smartphone offers a decentralized app store specific to Web3, aiming to integrate crypto applications into the hardware technology.
Four months after the release of Saga, Solana reduced its price to $599 following a sharp decline in sales.
