Solana Labs Refutes CertiK’s Claim on Saga Phone’s Vulnerability
Solana Labs has disputed a series of claims that blockchain security firm CertiK made in a recent video about a “critical vulnerability” in its crypto-enabled Saga phone.
CertiK alleged that the Saga phone was susceptible to a “bootloader unlock” attack, granting a malicious actor the ability to install a covert backdoor on the phone.
The Alleged Threat
According to CertiK’s claim, such an attack allows custom firmware to be downloaded onto the phone, alongside a root backdoor. This weakness could expose highly sensitive data stored on the phone, including private cryptocurrency keys.
However, Solana Labs maintains that these claims are not factually correct. It argued that the video presented no concrete evidence of an existing vulnerability or security threat that would affect Saga phone owners.
Contact with Android Open Source Project
Android Open Source Project’s (AOSP) internal documentation reveals that a bootloader can be unlocked across numerous Android devices.
Solana Labs noted that for a perpetrator to unlock the bootloader and install custom firmware, multiple steps would have to be followed – all of which could only be executed upon successfully unlocking the device using the user’s passcode or fingerprint.
The firm underlined that “unlocking the bootloader wipes the device.” Users are warned about this numerous times during the bootloader’s unlocking process, making it nearly impossible for this process to occur without the user’s full awareness and active participation.
What Happens After Unlocking Bootloader?
If anyone does manage to unlock the bootloader on an Android device, they are met with a series of stern warnings about the consequences. Should such warnings be ignored, the device, along with the private keys stored on it, will be completely wiped.
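As an added example (not code from Solana Labs, CertiK or this article), the following Python shows how an owner or auditor could check whether a device reports an unlocked bootloader, using the boot properties Android exposes through `adb shell getprop`. The sample outputs are constructed, and which of these properties a given vendor sets is an assumption.

```python
import re

# Boot properties Android exposes about bootloader / verified-boot state.
# They are self-reported by the running OS, so treat them as a first check.
PROPS = ("ro.boot.flash.locked", "ro.boot.verifiedbootstate",
         "ro.boot.vbmeta.device_state")
LINE = re.compile(r"^\[([^\]]+)\]: \[([^\]]*)\]$")

# Constructed samples in the format printed by `adb shell getprop`.
SAMPLE_LOCKED = """[ro.boot.flash.locked]: [1]
[ro.boot.vbmeta.device_state]: [locked]
[ro.boot.verifiedbootstate]: [green]
[ro.product.model]: [ExamplePhone]"""
SAMPLE_UNLOCKED = """[ro.boot.flash.locked]: [0]
[ro.boot.vbmeta.device_state]: [unlocked]
[ro.boot.verifiedbootstate]: [orange]"""

def parse_getprop(text):
    """Return only the boot-state properties found in getprop output."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(1) in PROPS:
            props[m.group(1)] = m.group(2)
    return props

def bootloader_state(text):
    """Classify as 'unlocked', 'locked' or 'unknown', with the evidence."""
    p = parse_getprop(text)
    unlocked = {"ro.boot.flash.locked": ("0",),
                "ro.boot.verifiedbootstate": ("orange",),
                "ro.boot.vbmeta.device_state": ("unlocked",)}
    locked = {"ro.boot.flash.locked": ("1",),
              "ro.boot.verifiedbootstate": ("green", "yellow"),
              "ro.boot.vbmeta.device_state": ("locked",)}
    # Any single unlocked signal wins: a mixed report is itself suspicious.
    for verdict, table in (("unlocked", unlocked), ("locked", locked)):
        hits = sorted(k for k, vals in table.items() if p.get(k) in vals)
        if hits:
            return verdict, hits
    return "unknown", []  # properties absent (vendor differences) or unparsed

if __name__ == "__main__":
    for name, sample in (("locked", SAMPLE_LOCKED), ("unlocked", SAMPLE_UNLOCKED)):
        print(name, bootloader_state(sample))
```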
About Solana Saga Phone
The Solana Saga phone, introduced in April 2022, carried a price tag of $1,099 and offered a Web3-native DApp store as a means of integrating tech hardware with crypto apps. Despite the promising start, the company significantly reduced its price to $599 four months later following a sharp fall in sales.
CertiK has yet to respond to Solana Labs’ rebuttal.