Blockchain security company CertiK has identified a bootloader vulnerability in Solana's Saga phone, which represents Solana's inaugural Android device.
Blockchain security company CertiK has identified a bootloader vulnerability in Solana's Saga phone, which represents Solana's inaugural Android device. CertiK's discovery indicates that the bootloader vulnerability has the potential to permit the installation of a backdoor on the phone, compromising the initial software responsible for initiating the device.
In a shared video demonstrating the vulnerability, CertiK emphasized that once the bootloader is unlocked, the integrity of the software cannot be assured, making any data on the device accessible to potential attackers. As a precaution, CertiK recommended that users refrain from storing sensitive information on the Saga phone.
According to Blockworks, Solana Labs contended that the video did not disclose any known vulnerabilities or security threats to Saga users. They clarified that unlocking the bootloader is an advanced feature that is disabled by default, necessitating explicit user consent and resulting in device wipes and key deletions if activated.
Released in April with a focus on integrating Web3 with smartphones, Saga is designed to provide users with self-custody of their assets. Despite a price reduction from $1,000 to $599 a few months after its launch, Saga aims to deliver a secure and user-friendly mobile experience for Web3 applications.
Let us know what you loved about this article, what could be improved, or share any other feedback by filling out this short form.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators.
This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice.
The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
