Solana Labs has strongly refuted claims made by blockchain research firm CertiK around Saga smartphones being riddled with security flaws. Solana Labs owns the Saga smartphone brand, which is laden with pro-crypto features like in-built digital wallet. In a recent post on X, CertiK said that this smartphone from Solana Labs comes with a ‘critical vulnerability’ that can be used to install malicious software when the bootloader of the phone is unlocked. Because of this vulnerability, a cyber hacker could install a hidden gateway to access personal details on a Saga phone, according to CertiK.
In its post on X, CertiK had warned not only Solana Labs, but all smartphone making brands about the risk of malware being installed via the bootloader. The platform shared a minute-long video demonstrating the process of infecting on a Solana Saga smartphone.
Ever wondered about the security of your Web3 devices?
Our newest exploration reveals a significant bootloader vulnerability in the Solana Phone, a challenge not just for this device but for the entire industry. Our commitment to enhancing security standards is unwavering. :closed_lock_with_key:… pic.twitter.com/lHZ5W7hXzy
— CertiK (@CertiK) November 15, 2023
In a conversation with CoinTelegraph, Solana Labs said the findings shared by CertiK are ‘inaccurate’. “The CertiK video does not reveal any known vulnerability or security threat to Saga holders. Unlocking the bootloader wipes the device, which users are alerted about multiple times when unlocking the bootloader, so it’s not a process that can take place without users’ active participation or awareness,” CoinTelegraph quoted Solana Labs as saying.
Modern smartphones are equipped with a bootloader that is locked as a security measure. A locked bootloader only loads authorised code, protecting users from abuse. Unlocking the bootloader on a smartphone can introduce a significant security risk — the process of unlocking the bootloader is supported on many Android phones and doing so completely wipes the data on the smartphone.
The blockchain firm has further also pointed out that unlocking a bootloader could be performed on several Android devices citing information from the Android Open-Source Project documentation.
Solana’s Saga smartphone was launched in April 2022 and was touted as the advent of the world’s first-generation of crypto and Web3-centric smartphones. Running on Android, the Saga smartphone was priced at around $1,000 (roughly Rs. 78,300). Along with a Solana Pay crypto pay, a ‘seed vault’ is also pre-installed on the Saga device to safely store all the private keys linked to the device, according to the company.