Solana Labs Dismisses CertiK Video Claims
Solana Labs has rejected a recent video by CertiK, stating that the blockchain security firm made several inaccurate claims about a potential security vulnerability in Solana’s Saga phone. The Saga is Solana’s crypto-enabled Android phone, released in April, designed to pair Web3 with smartphones.
The CertiK Video
CertiK claimed that the Saga phone contained a critical vulnerability known as a “bootloader unlock” vulnerability, which could give malicious actors a backdoor entry into the phone and compromise its initial software. The vulnerability would allow any attacker with physical access to load custom firmware containing a root backdoor, compromising sensitive data, including cryptocurrency private keys. However, it isn’t clear if the vulnerability is unique to the Saga phone or if it could impact other Android devices.
Solana Calls CertiK Claims Inaccurate
Solana has dismissed CertiK’s concerns about any potential vulnerability in the Saga phone. They stated that unlocking the bootloader is an advanced feature of Saga and is disabled by default. Users must explicitly allow such changes to be made to their device, and those changes can only be made by an authorized user of the phone.
If the user proceeds to unlock the bootloader, they go through multiple warnings and their device is wiped along with their private keys. However, this process could not be done without the user’s awareness or active participation. The video did not show Seed Vault, which protects supported digital assets and seeds.
The Saga Phone
Saga pairs the Web3 ecosystem with smartphones and allows users to have self-custody of their assets on the go. A few months after its launch, Solana slashed the price of Saga by 40%, from $1000 to $599.
Hot Take: Solana Stands Firm Against Allegations
Despite CertiK’s claims, Solana Labs remains confident in the security of its Saga phone and stands firm against allegations of potential vulnerabilities.
By
By
By
By
By