Solana hoses down ‘inaccurate’ CertiK report on Saga phone security flaws

2 years ago CryptoExpert
Solana hoses down ‘inaccurate’ CertiK report on Saga phone security flaws



A recent video from blockchain security firm CertiK has made a series of “inaccurate” claims about a potential security vulnerability in Solana’s crypto-enabled Saga phone, Solana Labs said.

In a Nov. 15 post on X (formerly Twitter), CertiK claimed the Saga phone contained a “critical vulnerability” known as a “bootloader unlock” attack, which would supposedly allow a malicious actor to install a hidden backdoor in the phone.

In a report sent to Cointelegraph, CertiK claimed the bootloader unlock would “allow an attacker with physical access to a phone to load custom firmware containing a root backdoor.”

“We demonstrate that this can compromise the most sensitive data stored on the phone, including cryptocurrency private keys,” CertiK’s report said.

Tokenmetrics

However, a Solana Labs spokesperson told Cointelegraph that CertiK’s claims are inaccurate, and its video did not reveal any legitimate threat to the Saga device.

“The CertiK video does not reveal any known vulnerability or security threat to Saga holders.”

Android’s internal Open Source Project documentation shows unlocking a bootloader can be performed across a wide range of Android devices.

Solana Labs said that, to unlock the bootloader and install custom firmware, an attacker would have to go through multiple steps, which can only be performed after unlocking the device with the user’s passcode or fingerprint.

“Unlocking the bootloader wipes the device, which users are alerted about multiple times when unlocking the bootloader, so it’s not a process that can take place without users’ active participation or awareness,” Solana Labs said.

Related: Making real-world blockchain solutions possible — Solana co-founder Raj Gokal

Additionally, if anyone proceeds to unlock the bootloader on an Android device, they’re subjected to a series of warnings about the implications of the process.

If they ignore these warnings, the device will be wiped along with their private keys.

The Solana Saga phone was released in April 2022 with a price tag of $1,099. The phone offers a Web3-native decentralized application store in a bid to integrate crypto apps into tech hardware.

Four months after launch, however, Solana slashed its price to $599, following a steep decline in sales.

CertiK did not immediately respond to a request for comment on Solana Labs’ rebuttal.

Magazine: I spent a week working in VR. It was mostly terrible, however…





Source link

Ledger

More Stories

Nasdaq files for 21Shares Sui ETF, kicking off SEC review

Nasdaq files for 21Shares Sui ETF, kicking off SEC review

19 hours ago CryptoExpert
Bitcoin, ETH, XRP, SOL, HYPE and DOGE look ready to rally

Bitcoin, ETH, XRP, SOL, HYPE and DOGE look ready to rally

2 days ago CryptoExpert
Bitcoin holds key support as HYPE, XMR, AAVE, WLD lead altcoin rally

Bitcoin holds key support as HYPE, XMR, AAVE, WLD lead altcoin rally

3 days ago CryptoExpert
Bitcoin holds key support as HYPE, XMR, AAVE, WLD lead altcoin rally

Bitcoin holds key support as HYPE, XMR, AAVE, WLD lead altcoin rally

3 days ago CryptoExpert
BTC, ETH, XRP, BNB, SOL, DOGE, ADA, SUI, HYPE, LINK

BTC, ETH, XRP, BNB, SOL, DOGE, ADA, SUI, HYPE, LINK

5 days ago CryptoExpert
XRP price fails to respond to two extremely bullish developments — Here is why

XRP price fails to respond to two extremely bullish developments — Here is why

6 days ago CryptoExpert

Leave a Reply

Your email address will not be published. Required fields are marked *

You may have missed

Telegram to raise $1.5B in bond sale, Citadel joins BlackRock in backing the deal: WSJ

Telegram to raise $1.5B in bond sale, Citadel joins BlackRock in backing the deal: WSJ

8 hours ago CryptoExpert
SharpLink’s $425M ETH treasury has ETH bulls calling for $3K

SharpLink’s $425M ETH treasury has ETH bulls calling for $3K

13 hours ago CryptoExpert
Hashpower Hot Zones: North America, Eurasia, and Latin America Lead Bitcoin’s Hashrate Race

Hashpower Hot Zones: North America, Eurasia, and Latin America Lead Bitcoin’s Hashrate Race

14 hours ago CryptoExpert
ASIC Sues Former Blockchain Global Exec Over $20M in Unpaid Customer Claims

ASIC Sues Former Blockchain Global Exec Over $20M in Unpaid Customer Claims

14 hours ago CryptoExpert
You have not selected any currency to display

Pin It on Pinterest

Ico-Investor
Fiverr
Ico-Investor
Solana hoses down ‘inaccurate’ CertiK report on Saga phone security flaws
Tokenmetrics
Ledger
Nasdaq files for 21Shares Sui ETF, kicking off SEC review
Bitcoin, ETH, XRP, SOL, HYPE and DOGE look ready to rally
Bitcoin holds key support as HYPE, XMR, AAVE, WLD lead altcoin rally
Bitcoin holds key support as HYPE, XMR, AAVE, WLD lead altcoin rally
BTC, ETH, XRP, BNB, SOL, DOGE, ADA, SUI, HYPE, LINK
XRP price fails to respond to two extremely bullish developments — Here is why
Changelly
Paxful
Telegram to raise $1.5B in bond sale, Citadel joins BlackRock in backing the deal: WSJ
SharpLink’s $425M ETH treasury has ETH bulls calling for $3K
Hashpower Hot Zones: North America, Eurasia, and Latin America Lead Bitcoin’s Hashrate Race
ASIC Sues Former Blockchain Global Exec Over $20M in Unpaid Customer Claims
Crypto czar Sacks says US could possibly ‘acquire more Bitcoin’
Telegram to raise $1.5B in bond sale, Citadel joins BlackRock in backing the deal: WSJ
SharpLink’s $425M ETH treasury has ETH bulls calling for $3K
Hashpower Hot Zones: North America, Eurasia, and Latin America Lead Bitcoin’s Hashrate Race
ASIC Sues Former Blockchain Global Exec Over $20M in Unpaid Customer Claims