Solana denies ‘security threat’ to Saga phones following CertiK video
In a statement to Blockworks, Solana denied a “vulnerability” to Saga phone holders from CertiK
Solana modified by Blockworks
CertiK, on Wednesday, claimed that it found a vulnerability with the Solana Saga phone.
Saga is an Android device — the first being offered by Solana.
The auditor said in a post on X that the phone has a bootloader vulnerability. Essentially, a backdoor can supposedly be installed on the phone allowing the initial software responsible for the starting of the device to be compromised.
“The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers, Do not store any sensitive data on the device,” a screengrab from CertiK’s accompanying video shows the Solana phone’s screen following the backdoor install.
The message is an indication that the phone has been hacked, CertiK said. However, it’s not clear if the vulnerability is unique to Saga or if it could impact other Android devices. CertiK did not immediately respond to a request for comment.
In an email to Blockworks, Steven Laver, lead software engineer of mobile at Solana Labs said that “the CertiK video does not reveal any known vulnerability or security threat to Saga holders. The video shows the user unlocking the bootloader, which is something that can be done on many Android devices.”
Android’s own documentation from its Open Source Project outlines the ability to lock and unlock the bootloader.
“Unlocking the bootloader is an advanced feature of Saga, and is disabled by default. We believe in allowing users the choice of how they use their phone, however, unlocking the bootloader is not a security vulnerability – a user must explicitly allow such changes to be made to their device, and those changes can only be made by an authorized user of the phone,” Laver continued.
However, if a user or attacker proceeds to unlock the bootloader, then they not only go through multiple warnings, but their device is wiped — along with their private keys.
“So it’s not a process that can take place without users’ active participation or awareness,” Laver said.
CertiK, however, said that only being able to unlock the bootloader with user participation “does not eliminate all potential threats.”
“Malicious actors can purchase Saga phones and install backdoors through such ‘feature,’ and deliver devices to unconscious users. If users did not understand the warnings, they would be tricked and lose funds to attackers,” CertiK said in an email to Blockworks.
“In addition, given the fact that a considerable portion of traditional phone users have taken the initiative to jailbreak or unlock their devices in the past, it is also likely that some Saga phone users will also explore this “feature” but without enough security awareness. That’s why we warn users about such situations in our video.”
The video then proceeds to show how an attacker could drain bitcoin from the wallet attached to the phone. It did not show Seed Vault being used in the video, which protects both supported digital assets and seeds.
Seed Vault was announced in June 2022, and “accesses the highest privileged security environment available on a device, from secure operating modes of the processor to dedicated Secure Elements, which enables a secure transaction signing experience through UI components built into Android.”
Saga was released in April, having been designed to pair Web3 with smartphones. Alongside traditional app stores, Solana offers a separate app store.
The phone is designed to allow users to have “self-custody of their assets” to make them “feel comfortable bringing those assets with them on the go,” Laver told Blockworks when the phone was released.
Months after the launch, the price of Saga was reduced to $599 from $1,000 — a 40% cut.
At the time, Emmett Hollyer, head of business operations for Solana Mobile, told Blockworks that the price reduction is “common practice in the consumer electronics business, particularly with smartphones.”
According to CoinMarketCap, the vulnerability has not impacted SOL — Solana’s native crypto — at the time of publishing. In fact, it’s up more than 13% over the past day.
Updated Friday, Nov. 17 at 12:15 pm ET: Added comment from CertiK.
Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.
Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.
Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.
The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.
