Solana Saga Smartphone Critical Vulnerability Identified by CertiK Analysts

CertiK analysts have identified a critical vulnerability in the Saga smartphone from Solana, which allows the user’s cryptocurrencies to be stolen.

See more

Ever wondered about the security of your Web3 devices?

Our newest exploration reveals a significant bootloader vulnerability in the Solana Phone, a challenge not just for this device but for the entire industry. Our commitment to enhancing security standards is unwavering. 🔐… pic.twitter.com/lHZ5W7hXzy

— CertiK (@CertiK) November 15, 2023

The company’s specialists, in recovery mode, were able to install a backdoor on the device and unlock access to the operating system bootloader.

The smartphone displayed a warning that, from this point on, “the integrity of the software cannot be guaranteed.”

“Any data stored on the device can be accessed by attackers,” the message says.

They then connected the smartphone to WiFi to establish communication with the command and control server on the laptop. Thanks to root rights on the vulnerable device and the use of bash scripts, the researchers withdrew all the bitcoins from the built-in wallet.

CertiK did not provide any additional comments on the issue.

November 15, 2023 | 18:47 Update:

HAPI CCO Mark Letsyuk clarified that the CertiK video being shown does not disclose any known vulnerabilities or security risks for Saga owners.

“The video shows the user unlocking the bootloader, which can be done on many Android devices. In Saga, this additional feature is disabled by default. However, it is not a security vulnerability—an authorized user must explicitly allow such changes to be made to their device,” the expert explained.

He also added that one of Saga’s key innovations is Seed Vault, a built-in storage system with enhanced security for seeds and supported digital assets.

“Saga users are always encouraged to enable Seed Vault wallets to protect their digital assets. It’s important to note that Seed Vault is not used in the CertiK wallet shown in the video,” Letsyuk added.

Solana Labs first introduced Saga in June 2022. The phone’s hardware and software integrate Web3 functionality, allowing it to be used as a hardware wallet.

Let us remind you that Saga sales started on May 8, 2023.

Subscribe to ForkLog on social networks

Found an error in the text? Select it and press CTRL+ENTER

ForkLog newsletters: keep your finger on the pulse of the Bitcoin industry!

2023-11-15 16:15:52
#CertiK #announced #critical #vulnerability #smartphone #Solana #ForkLog