CertiK’s security allegations rock Solana’s Saga phone




  • Solana Labs disputes CertiK’s bootloader vulnerability claims for Saga phone.
  • Unlocking bootloader requires user consent, wiping the device and keys.
  • Saga phone’s price slashed after sales decline, Web3 DApp store remains key feature.

Solana Labs has strongly contested the claims made by blockchain security firm CertiK regarding the security of Solana’s crypto-enabled Saga phone. CertiK had alleged the presence of a critical “bootloader vulnerability” in the device, which could potentially compromise sensitive data, including cryptocurrency private keys. Solana Labs, however, has refuted these claims, asserting that CertiK’s findings are inaccurate and do not pose a legitimate threat to Saga phone users.

CertiK’s allegations

On November  CertiK released a video in which they asserted that the Saga phone contained a “critical vulnerability” known as a “bootloader unlock” attack. According to CertiK, this vulnerability could allow malicious actors with physical access to the phone to install hidden backdoors via custom firmware, potentially compromising sensitive data, including cryptocurrency private keys. CertiK’s report stated that this could pose a significant security risk to Saga phone users.

Solana Labs’ response

In response to CertiK’s claims, Solana Labs has categorically denied the existence of any known vulnerability or security threat to Saga phone users. Solana Labs emphasized that unlocking the bootloader and installing custom firmware would require multiple steps, which can only be executed after unlocking the device using the user’s passcode or fingerprint. Furthermore, Solana Labs pointed out that unlocking the bootloader results in a complete device wipe, a process that users are repeatedly alerted about, making it impossible for such actions to occur without the user’s active participation or awareness.

Bootloader unlock process

Solana Labs clarified that the process of unlocking the bootloader is not something that can be initiated without the user’s explicit consent. The Android Open Source Project documentation corroborates this, indicating that bootloader unlocking is possible on a wide range of Android devices but involves a series of warnings and user consent. Proceeding past these warnings during the bootloader unlock process leads to the device being wiped, along with any private keys stored on it.
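Whether a given device is still locked can be checked from the boot properties Android exposes. The script below is an added example, not code from Solana Labs or CertiK: it classifies `adb shell getprop` output using the standard Android properties `ro.boot.flash.locked`, `ro.boot.verifiedbootstate` and `ro.boot.vbmeta.device_state`. That the Saga phone reports all three is an assumption, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: classify an Android device's bootloader state from the text
# printed by `adb shell getprop`. Input arrives on stdin so it runs offline.

# Print the value of one property from "[name]: [value]" lines.
prop() {  # $1 = getprop dump, $2 = property name
    printf '%s\n' "$1" | tr -d '\r' |
        awk -v k="[$2]:" '$1 == k { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# Print one verdict: UNLOCKED, LOCKED_CUSTOM_KEY, LOCKED_VERIFIED or UNKNOWN.
classify_boot_state() {
    dump=$(cat)
    locked=$(prop "$dump" ro.boot.flash.locked)           # 1 = locked, 0 = unlocked
    vbstate=$(prop "$dump" ro.boot.verifiedbootstate)     # green / yellow / orange
    devstate=$(prop "$dump" ro.boot.vbmeta.device_state)  # locked / unlocked

    # Any single signal of an unlocked bootloader wins over the others.
    if [ "$locked" = "0" ] || [ "$devstate" = "unlocked" ] || [ "$vbstate" = "orange" ]; then
        echo UNLOCKED
    elif [ "$locked" = "1" ] && [ "$vbstate" = "yellow" ]; then
        echo LOCKED_CUSTOM_KEY      # locked, booting an image signed with a user-set key
    elif [ "$locked" = "1" ] && [ "$vbstate" = "green" ]; then
        echo LOCKED_VERIFIED        # locked, booting an image signed with the OEM key
    else
        echo UNKNOWN                # missing or unexpected values: do not assume locked
    fi
}

# Constructed sample input (not captured from a real Saga phone).
SAMPLE_UNLOCKED='[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.vbmeta.device_state]: [unlocked]'

printf '%s\n' "$SAMPLE_UNLOCKED" | classify_boot_state
```

On a connected device the same function is fed with `adb shell getprop | classify_boot_state`. The properties are reported by the running OS, so a verdict of `LOCKED_VERIFIED` is only as trustworthy as the system that printed it.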

The Saga phone, a crypto-enabled smartphone developed by Solana Labs, was released in April 2022 with a price tag of $1,099. One of its key features is a Web3-native DApp store, aimed at integrating cryptocurrency applications into the device’s hardware. However, just four months after its launch, Solana Labs decided to reduce the price of the Saga phone to $599, following a significant decline in sales.

At the time of reporting, CertiK had not provided a response to Solana Labs’ rebuttal. It remains to be seen whether CertiK will address the refutation and provide further insights into their findings or if they will revise their assessment based on Solana Labs’ counterclaims.


Lacton Muriuki

Lacton is an experienced journalist specializing in blockchain-based technologies, including NFTs and cryptocurrency. He dabbles in daily crypto news rich with well-researched stats. He adds aesthetic appeal, adding a human face to technology.
