Solana's Saga Phone is Vulnerable to Critical Exploit, Certik Says
The exploit could "compromise the most sensitive data stored on the phone." Solana denies those claims.
By: Camila Russo •Crypto News
Solana’s phone is vulnerable to an attack that can put any digital assets stored on it "at extreme risk," according to an emailed statement by blockchain security firm Certik. Solana Labs denies those claims.
The vulnerability allows an attacker with physical access to a phone to load custom firmware containing a root backdoor, Certik said, adding that the exploit could "compromise the most sensitive data stored on the phone, including cryptocurrency private keys."
Solana's cel phone, which launched in April, is an Android device that was marketed as being "purpose-built for crypto."
A Solana Labs spokesperson said in reply to a request for comment that CertiK hasn't revealed a security threat to Saga holders.
"Unlocking the bootloader is an advanced feature of Saga, and is disabled by default," Solana Labs said in an emailed statement. "Unlocking the bootloader is not a security vulnerability – a user must explicitly allow such changes to be made to their device, and those changes can only be made by an authorized user of the phone."
Unlocking the bootloader requires a user to take multiple steps, which can only be performed after authentication. Also, doing so wipes the device, which users are alerted about multiple times, Solana Labs said.
Certik recommends that Saga phones consider enforcing more restrictions on the bootloader unlocking feature, as it could expose any plaintext data stored on the device, including private keys. A hidden root backdoor allows the phone to operate as usual while being compromised.
Certik also said the phone's wallet depends only on the device’s operating system for security. Solana Labs said in the emailed statement that's not the case as the Seed Vault, a custody system built into the phone, increases the security of a user's seed phrases and supported digital assets.
"Saga users are always encouraged to enable Seed Vault wallets to protect their digital assets," Solana Labs said.
[UPDATED @ 12:15PM ET to include comment from Solana Labs]