Solana Dismisses CertiK Report On Saga Phone Vulnerability

Desk of Contents

Solana Labs has dismissed a latest video by CertiK, stating that the blockchain safety agency made a number of inaccurate claims a couple of potential safety vulnerability in Solana’s Saga telephone. 

Saga is Solana’s crypto-enabled Android telephone and was launched in April. The telephone is designed to pair Web3 with smartphones. 

The CertiK Video 

CertiK, in a publish on X (previously Twitter) on the fifteenth of November, claimed that the Saga telephone contained a important vulnerability often called a “bootloader unlock” vulnerability. The vulnerability might give malicious actors a backdoor entry into the telephone and compromise the preliminary software program liable for the beginning of the system to be compromised. CertiK additionally claimed the bootloader vulnerability would enable any attacker with bodily entry to a telephone to load customized firmware that incorporates a root backdoor. CertiK said, 

“We exhibit that this could compromise essentially the most delicate information saved on the telephone, together with cryptocurrency non-public keys. The boot loader is unlocked, and software program integrity can’t be assured. Any information saved on the system could also be out there to attackers. Don’t retailer any delicate information on the system.”

The message from CertiK signifies that the telephone could possibly be hacked. Nevertheless, it isn’t but clear if the vulnerability is exclusive to the Saga telephone or if it might affect different Android units. 

Solana Calls CertiK Claims Inaccurate 

Nevertheless, Solana has dismissed CertiK’s issues about any potential vulnerability within the Saga telephone. Lead software program engineer of cell at Solana Labs, Steven Laver, said that the CertiK video didn’t reveal any recognized vulnerability or safety menace to Saga customers. As a substitute, the video solely demonstrates the person unlocking the bootloader, which Laver said could possibly be performed on any Android system. 

“The CertiK video doesn’t reveal any recognized vulnerability or safety menace to Saga holders. The video exhibits the person unlocking the bootloader, which is one thing that may be performed on many Android units.”

Android’s inner Open Supply Mission documentation additionally exhibits that unlocking a bootloader is an motion that may be carried out throughout a number of Android units. Laver additional added, 

“Unlocking the bootloader is a sophisticated function of Saga and is disabled by default. We imagine in permitting customers the selection of how they use their telephone. Nevertheless, unlocking the bootloader shouldn’t be a safety vulnerability – a person should explicitly enable such modifications to be made to their system, and people modifications can solely be made by a licensed person of the telephone.”

Nevertheless, if the person or attacker proceeds to unlock the bootloader, they not solely undergo a number of warnings however their system is wiped, together with their non-public keys. Laver added that this course of couldn’t be performed with out the person’s consciousness or energetic participation. The video then confirmed how the attacker might drain BTC from the pockets connected to the telephone. Nevertheless, it didn’t present Seed Vault within the video. Seed Vault protects supported digital belongings and seeds. 

Seed Vault was introduced in 2022 and might entry the best privileged safety surroundings out there on a tool. This consists of safe working modes of the processor to devoted Safe Parts, which guarantee a safe transaction signing expertise by way of UI parts constructed into Android. 

The Saga Telephone 

Saga was launched in April and was designed to pair the Web3 ecosystem with smartphones. Aside from conventional app shops, Solana additionally affords a separate app retailer. The telephone permits customers to have self-custody of their belongings and hold them with them on the go. A number of months after its launch, Solana slashed the worth of Saga by 40%, from $1000 to $599.

On the time, the top of enterprise operations for Solana Cell, Emmett Hollyer, said that worth discount was a typical technique employed within the shopper electronics enterprise, notably when it got here to smartphones. 

Disclaimer: This text is offered for informational functions solely. It isn’t supplied or meant for use as authorized, tax, funding, monetary, or different recommendation.