Solana Labs says a recent video from blockchain security firm CertiK made a series of “inaccurate” claims about potential security vulnerabilities in Solana’s encrypted Saga phone.
In a Nov. 15 post on Hidden backdoor.
Ever thought about the security of Web3 devices?
Our latest exploration has revealed a significant bootloader vulnerability in Solana phones, which poses a challenge not only to the device but to the entire industry. Our commitment to raising safety standards is unwavering. … pic.twitter.com/lHZ5W7hXzy
— CertiK (@CertiK) November 15, 2023
In a report sent to Cointelegraph, CertiK claimed that bootloader unlocking would “allow an attacker with physical access to the phone to load custom firmware containing a root backdoor.”
“We demonstrate that this can compromise the most sensitive data stored on the phone, including cryptocurrency private keys,” CertiK’s report states.
However, a Solana Labs spokesperson told Cointelegraph that CertiK’s claims are inaccurate and that its footage does not reveal any legitimate threats to Saga devices.
“The CertiK video does not reveal any known vulnerabilities or security threats to Saga holders.”
Android internal open source project document The display unlock bootloader can be executed on a variety of Android devices.
Solana Labs said that to unlock the bootloader and install custom firmware, an attacker must perform multiple steps that can only be performed after unlocking the device with a user password or fingerprint.
“Unlocking the bootloader wipes the device, and users are warned multiple times when unlocking the bootloader, so this process cannot occur without the user’s active participation or awareness,” Solana Labs said.
related: Making real-world blockchain solutions possible — Solana co-founder Raj Gokal
Additionally, if someone proceeds to unlock the bootloader on an Android device, they will receive a series of warnings about the impact of the process.
If they ignore these warnings, the device will be wiped along with their private keys.
The Solana Saga phone will be released in April 2022 and will cost $1,099. The phone provides a Web3 native DApp store designed to integrate cryptographic applications into technical hardware.
In April, we launched Saga with a clear vision: to make web3 accessible. We will continue to work hard to bring more people into the ecosystem and drive the future of web3 action. Today, we’ve dropped the price of the Saga to $599.
Over the past four months, Saga users have embraced… pic.twitter.com/qpC1BHiqZ7
— Solana Mobile (@solanamobile) August 9, 2023
However, four months after launch, Solana slashed the price to $599 decline promotion.
CertiK did not immediately respond to a request for comment on Solana Labs’ rebuttal.
Magazine: I spent a week working on VR. However, it’s mostly scary…
Svlook
