Solana’s Saga Phone is Vulnerable to Critical Exploit, Certik Says

The exploit could “compromise the most sensitive data stored on the phone, including cryptocurrency private keys.”

Solana’s phone is vulnerable to an attack that can put any digital assets stored on it “at extreme risk,” according to an emailed statement by blockchain security firm Certik. Solana Foundation denies those claims.

The vulnerability allows an attacker with physical access to a phone to load custom firmware containing a root backdoor, Certik said, adding that the exploit could “compromise the most sensitive data stored on the phone, including cryptocurrency private keys.”

Solana’s cell phone, which launched in April, is an Android device that was marketed as being “purpose-built for crypto.”

Solana Response

A Solana Foundation spokesperson said in reply to a request for comment that CertiK hasn’t revealed a security threat to Saga holders.

“Unlocking the bootloader is an advanced feature of Saga, and is disabled by default,” Solana said in an emailed statement. “Unlocking the bootloader is not a security vulnerability – a user must explicitly allow such changes to be made to their device, and those changes can only be made by an authorized user of the phone.”

Certik recommends that Saga phones enforce more restrictions on the bootloader unlocking feature, as it could expose any plaintext data stored on the device, including private keys. A hidden root backdoor allows the phone to operate as usual while being compromised.

Certik also said the phone’s wallet depends only on the device’s operating system for security. Solana said in the emailed statement that this is not the case, as the Seed Vault, a custody system built into the phone, increases the security of a user’s seed phrases and supported digital assets.

“Saga users are always encouraged to enable Seed Vault wallets to protect their digital assets,” Solana said.


[UPDATED @ 12:15PM ET to include comment from Solana Foundation]


Source: https://thedefiant.io/certik-uncovers-critical-vulnerability-in-solana-phone