Solana Disputes CertiK's Claims of Security Flaws in Saga Phone

Solana Labs refutes CertiK's report on Saga phone vulnerabilities

Solana Labs has dismissed a recent video from blockchain security firm CertiK, stating that the claims made about potential security flaws in Solana's Saga phone are "inaccurate". In the video, CertiK alleged that the phone contained a "critical vulnerability" known as a "bootloader unlock" attack, which could enable malicious actors to install a hidden backdoor. However, Solana Labs has stated that the video did not identify any legitimate threat to the Saga device.

Unlocking bootloader requires multiple steps and user interaction

Solana Labs clarified that in order for an attacker to unlock the bootloader and install custom firmware, they would need to go through a series of steps that can only be performed after unlocking the device with the user's passcode or fingerprint. The process of unlocking the bootloader also wipes the device, which users are alerted about multiple times. Solana Labs emphasized that this is not a process that can occur without the user's active participation or awareness.

Price reduction for Saga phone following decline in sales

The Solana Saga phone, which was launched in April 2022 with a price tag of $1,099, saw a significant price reduction to $599 just four months later. This price adjustment came after a decline in sales for the phone. The Saga phone aims to integrate crypto apps into tech hardware and offers a Web3-native DApp store.

CertiK did not respond immediately to Solana Labs' rebuttal.