CertiK, on Wednesday, claimed that it found a vulnerability with the Solana Saga phone.
Saga is an Android device — the first being offered by Solana.
The auditor said in a post on X that the phone has a bootloader vulnerability. Essentially, a backdoor can supposedly be installed on the phone allowing the initial software responsible for the starting of the device to be compromised.
“The boot loader is unlocked and software integrity cannot be guaranteed. Any data stored on the device may be available to attackers, Do not store any sensitive data on the device,” a screengrab from CertiK’s accompanying video shows the Solana phone’s screen following the backdoor install.
The message is an indication that the phone has been hacked, CertiK said. However, it’s not clear if the vulnerability is unique to Saga or if it could impact other Android devices. CertiK did not immediately respond to a request for comment.
Ever wondered about the security of your Web3 devices?
Our newest exploration reveals a significant bootloader vulnerability in the Solana Phone, a challenge not just for this device but for the entire industry. Our commitment to enhancing security standards is unwavering. 🔐… pic.twitter.com/lHZ5W7hXzy
— CertiK (@CertiK) November 15, 2023
In an email to Blockworks, Steven Laver, lead software engineer of mobile at Solana Labs said that “the CertiK video does not reveal any known vulnerability or security threat to Saga holders. The video shows the user unlocking the bootloader, which is something that can be done on many Android devices.”
Android’s own documentation from its Open Source Project outlines the ability to lock and unlock the bootloader.
“Unlocking the bootloader is an advanced feature of Saga, and is disabled by default. We believe in allowing users the choice of how they use their phone, however, unlocking the bootloader is not a security vulnerability – a user must explicitly allow such changes to be made to their device, and those changes can only be made by an authorized user of the phone,” Laver continued.
However, if a user or attacker proceeds to unlock the bootloader, then they not only go through multiple warnings, but their device is wiped — along with their private keys.
“So it’s not a process that can take place without users’ active participation or awareness,” Laver said.
The video then proceeds to show how an attacker could drain bitcoin from the wallet attached to the phone. It did not show Seed Vault being used in the video, which protects both supported digital assets and seeds.
Seed Vault was announced in June 2022, and “accesses the highest privileged security environment available on a device, from secure operating modes of the processor to dedicated Secure Elements, which enables a secure transaction signing experience through UI components built into Android.”
Saga was released in April, having been designed to pair Web3 with smartphones. Alongside traditional app stores, Solana offers a separate app store.
The phone is designed to allow users to have “self-custody of their assets” to make them “feel comfortable bringing those assets with them on the go,” Laver told Blockworks when the phone was released.
Months after the launch, the price of Saga was reduced to $599 from $1,000 — a 40% cut.
At the time, Emmett Hollyer, head of business operations for Solana Mobile, told Blockworks that the price reduction is “common practice in the consumer electronics business, particularly with smartphones.”
According to CoinMarketCap, the vulnerability has not impacted SOL — Solana’s native crypto — at the time of publishing. In fact, it’s up more than 13% over the past day.
Read the full article here