Solana argues that an attacker would still need the permission of the phone owner to gain entry.
Solana has responded to claims by blockchain security firm CertiK that there is a security threat to its Saga phone. In a Wednesday video post on X, CertiK alleged that the holders of the smartphone may be exposed to what is called a “bootloader vulnerability”. According to the firm, this loophole could allow bad actors to create some sort of backdoor access to the phone.
In a bid to highlight its discovery, CertiK showcased, via a screenshot, what Saga’s screen would look like after a backdoor install has been completed. The 1-minute video then concluded on the note that hackers will have full access to the holder’s phones and any data that they might have stored therein. This includes access to their safely stored crypto. In a statement, CertiK wrote:
“We demonstrate that this can compromise the most sensitive data stored on the phone, including cryptocurrency private keys.”
CertiK’s Report on Solana Saga Is Incorrect, Firm Counters
Meanwhile, Solana has now reacted to the video, saying that CertiK’s claims are “inaccurate.” In its defence, the Saga phone maker says that the video does not exactly show the vulnerability as something peculiar to the Saga device. At best, it shows someone unlocking the bootloader, in a way that could be done with virtually any Android device, Solana noted.
Furthermore, Solana argues that an attacker would still need the permission of the phone owner to gain entry. According to Steven Laver, lead software engineer of mobile at Solana Labs, unlocking the bootloader can only take place at the behest of the owner. The company’s response reads:
“Unlocking the bootloader wipes the device, which users are alerted about multiple times when unlocking the bootloader, so it’s not a process that can take place without users’ active participation or awareness.”
The Phone
Solana released the Saga phone in April 2023 in a singular effort to merge Web3.0 with smartphones. According to Laver, the phone was mainly designed to allow users to have “self-custody of their assets”. However, it also brought a more comfortable feel to users who could now take their assets with them everywhere they went.
Initially, it had a price tag of $1,099. However, four months after the launch, Solana slashed the price by nearly half to $599. But while that is common practice in the consumer electronics business, the price cut was more because of a steep decline in sales.
So far though, CertiK’s report has yet to negatively impact SOL – the native token of the Solana network. As of publication, CoinMarketCap data even suggests that it is up more than 11% in the past 24 hours.
CertiK is yet to respond to Solana’s counterclaims as of press time.
next
Source: https://www.coinspeaker.com/solana-certik-saga-phone-flaw-claims/