CertiK reports a critical security vulnerability in Solana’s Saga phone

Security platform CertiK has released a video demonstrating a critical vulnerability exploit on Solana’s flagship Saga phone.

Blockchain security platform CertiK claimed that the Solana Saga phone has a major vulnerability that could allow hackers to create a backdoor into its software and compromise the device. Certik posted a minute-long video on X (formally known as Twitter), demonstrating how a hacker could potentially override the device during startup and gain unauthorized root access.

Ever wondered about the security of your Web3 devices?

Our newest exploration reveals a significant bootloader vulnerability in the Solana Phone, a challenge not just for this device but for the entire industry. Our commitment to enhancing security standards is unwavering. … pic.twitter.com/lHZ5W7hXzy

— CertiK (@CertiK) November 15, 2023

CertiK claimed that because of this vulnerability, the software integrity of Solana’s Android OS cannot be guaranteed. Any data stored on the phone, including crypto wallet details and private keys, can be compromised by the attackers.

The Solana Phone, known as “Saga,” is a blockchain-integrated smartphone developed and launched by Solana in April this year. The phone is designed to enhance the user experience with decentralized applications (dApps) and cryptocurrency management. Featuring a built-in hardware wallet for secure crypto transactions, it focuses on providing robust Web3 capabilities. Although the phone was priced at $1,000 at launch, it’s since been discounted by more than 40% in recent months.

Despite Certik’s claims about the device, Solana has denied any security flaws in their device, according to some sources. Several users have also shared counter-arguments to CertiK’s claims, stating that the bootloader vulnerability is common on Android devices given its open-source code.