CertiK Says Saga Phone Has Bootloader Vulnerability; Solana Denies

CertiK Says Saga Phone Has Bootloader Vulnerability; Solana Denies

Solana’s Saga phone is one of the aspiring achievements of the company which entered the market after years of toil. The Android-based Web3 smartphone recently got into the news after a potential vulnerability was found in the device. Blockchain security firm CertiK brought the report after analyzing the device and raised concerns that the vulnerability can make Saga prone to digital attacks.

CertiK posted a one-minute video on social media platform X, formerly Twitter, on Wednesday, November 15. The video with the caption asking a question about Web3 devices’ security mentioned finding a “bootloader vulnerability” in the Solana phone. 

The video showed a user exploiting the alleged vulnerability to hack into the phone and access crucial information. It even showed a demo of how the exploitation could lead to stealing crypto assets. 

The blockchain security company claims that the bootloader makes the Solana devices that “contain a root backdoor” prone to threat activities. However, it’s also important to note that the attacker could only access the device if it’s available physically. 

CertiK stated in the post “The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers, Do not store any sensitive data on the device” 

A backdoor software can be installed in a device such as a mobile phone that can allow further compromise including accessing sensitive information. 

Solana Disagrees With the Allegations of CertiK

Solana Labs responded to CertiK’s revelation about alleged vulnerabilities in Solana Saga phones. The company denies that it’s an inherent issue in their device. Rather, they said that any Android device is vulnerable to backdoor attacks. 

In an official Open Source Project documentation of Android it is also highlighted that the bootloader can be locked and unlocked. 

However, it’s not as easy as it may sound. As mentioned already, the attacker must have physical access to the device in order to inject the software before hacking it. This itself acts as a hindrance in the process for illicit actors to enter the phone through backdoor. 

Many X users responded to CertiK and a majority of them seem to disagree with the blockchain security firm’s claims. Some even claimed this action aimed to attack Solana phone’s popularity. They also voiced the argument that any Android device can be hacked through the process shown in the video. 

CertiK Says Saga Phone Has Bootloader Vulnerability; Solana Denies
CertiK Says Saga Phone Has Bootloader Vulnerability; Solana Denies

X users called out for not using “Seed Vault” which is supposed to support digital assets and seeds in the devices. 

Source: https://www.thecoinrepublic.com/2023/11/16/certik-says-saga-phone-has-bootloader-vulnerability-solana-denies/