Solana Labs, the company behind the Saga smartphone, has refuted recent allegations by blockchain security firm CertiK regarding critical security vulnerabilities in the device. In a video posted on X (formerly Twitter) on November 15, CertiK asserted that the Saga phone harbored a “bootloader unlock” vulnerability, potentially allowing malicious actors to install a hidden backdoor.
CertiK’s report suggested that this bootloader vulnerability could permit an attacker with physical access to load custom firmware containing a root backdoor, compromising sensitive data, including cryptocurrency private keys.
However, Solana Labs has dismissed CertiK’s claims as inaccurate, asserting that the video did not reveal any legitimate threat to the Saga device. The company explained that unlocking the bootloader and installing custom firmware would require multiple steps, which could only be executed after unlocking the device using the user’s passcode or fingerprint.
Solana Labs Highlights Security Measures for Bootloader Unlocking
Solana Labs emphasized that unlocking the bootloader initiates a device wipe, and users are repeatedly alerted about this during the process. This ensures that the procedure cannot take place without the user’s active participation or awareness. Android’s internal Open Source Project documentation also indicates that bootloader unlocking is a standard procedure across various Android devices.
The SOL Saga phone, introduced in April 2022 at a price of $1,099, features a Web3-native decentralized application store, aiming to seamlessly integrate crypto apps into hardware. However, facing declining sales four months after its launch, Solana reduced the phone’s price to $599.
Despite Solana Labs’ rebuttal, CertiK has not yet responded to the company’s statement at the time of reporting.