Solana denies ‘security threat’ to Saga phones following CertiK video

In a statement to Blockworks, Solana denied a “vulnerability” to Saga phone holders from CertiK


Solana modified by Blockworks


CertiK, on Wednesday, claimed that it found a vulnerability with the Solana Saga phone.

Saga is an Android device — the first being offered by Solana.

The auditor said in a post on X that the phone has a bootloader vulnerability. Essentially, a backdoor can supposedly be installed on the phone allowing the initial software responsible for the starting of the device to be compromised. 

“The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers, Do not store any sensitive data on the device,” a screengrab from CertiK’s accompanying video shows the Solana phone’s screen following the backdoor install.

The message is an indication that the phone has been hacked, CertiK said. However, it’s not clear if the vulnerability is unique to Saga or if it could impact other Android devices. CertiK did not immediately respond to a request for comment.

Loading Tweet..

In an email to Blockworks, Steven Laver, lead software engineer of mobile at Solana Labs said that “the CertiK video does not reveal any known vulnerability or security threat to Saga holders. The video shows the user unlocking the bootloader, which is something that can be done on many Android devices.” 

Android’s own documentation from its Open Source Project outlines the ability to lock and unlock the bootloader. 

“Unlocking the bootloader is an advanced feature of Saga, and is disabled by default. We believe in allowing users the choice of how they use their phone, however, unlocking the bootloader is not a security vulnerability – a user must explicitly allow such changes to be made to their device, and those changes can only be made by an authorized user of the phone,” Laver continued.

However, if a user or attacker proceeds to unlock the bootloader, then they not only go through multiple warnings, but their device is wiped — along with their private keys.

“So it’s not a process that can take place without users’ active participation or awareness,” Laver said. 

CertiK, however, said that only being able to unlock the bootloader with user participation “does not eliminate all potential threats.”

“Malicious actors can purchase Saga phones and install backdoors through such ‘feature,’ and deliver devices to unconscious users. If users did not understand the warnings, they would be tricked and lose funds to attackers,” CertiK said in an email to Blockworks.

“In addition, given the fact that a considerable portion of traditional phone users have taken the initiative to jailbreak or unlock their devices in the past, it is also likely that some Saga phone users will also explore this “feature” but without enough security awareness. That’s why we warn users about such situations in our video.”

The video then proceeds to show how an attacker could drain bitcoin from the wallet attached to the phone. It did not show Seed Vault being used in the video, which protects both supported digital assets and seeds. 

Seed Vault was announced in June 2022, and “accesses the highest privileged security environment available on a device, from secure operating modes of the processor to dedicated Secure Elements, which enables a secure transaction signing experience through UI components built into Android.”

Saga was released in April, having been designed to pair Web3 with smartphones. Alongside traditional app stores, Solana offers a separate app store.

The phone is designed to allow users to have “self-custody of their assets” to make them “feel comfortable bringing those assets with them on the go,” Laver told Blockworks when the phone was released. 

Months after the launch, the price of Saga was reduced to $599 from $1,000 — a 40% cut.

At the time, Emmett Hollyer, head of business operations for Solana Mobile, told Blockworks that the price reduction is “common practice in the consumer electronics business, particularly with smartphones.”

According to CoinMarketCap, the vulnerability has not impacted SOL — Solana’s native crypto — at the time of publishing. In fact, it’s up more than 13% over the past day.

Updated Friday, Nov. 17 at 12:15 pm ET: Added comment from CertiK.

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Screenshot 2024-05-23 091855.png


Bitcoin L2s aim to boost scalability while preserving decentralization and security, unlocking a better user experience, and new avenues for Bitcoin-powered innovations. However, no existing Bitcoin L2 leverages the full security of Bitcoin.



The convergence of AI and blockchain on Polkadot represents a groundbreaking opportunity for investors and developers alike


The company is making public a previously private offer rejected by Bitfarms’ board of directors last month


Semler Scientific, a publicly traded medical tech company, joined MicroStrategy by buying up millions of bitcoin


As someone who’s been knee-deep in the trenches of blockchain development, I can’t help but wonder if these behemoths are really cutting it anymore


UNI and MKR are suffering from the successes of their respective protocols


Maybe there’s no silver bullet to avoiding most tokens dumping after launch…