Solana hoses down ‘inaccurate’ CertiK report on Saga phone security flaws

Solana hoses down ‘inaccurate’ CertiK report on Saga phone security flaws



A recent video from blockchain security firm CertiK has made a series of “inaccurate” claims about a potential security vulnerability in Solana’s crypto-enabled Saga phone, Solana Labs said.

In a Nov. 15 post on X (formerly Twitter), CertiK claimed the Saga phone contained a “critical vulnerability” known as a “bootloader unlock” attack, which would supposedly allow a malicious actor to install a hidden backdoor in the phone.

In a report sent to Cointelegraph, CertiK claimed the bootloader unlock would “allow an attacker with physical access to a phone to load custom firmware containing a root backdoor.”

“We demonstrate that this can compromise the most sensitive data stored on the phone, including cryptocurrency private keys,” CertiK’s report said.

bybit

However, a Solana Labs spokesperson told Cointelegraph that CertiK’s claims are inaccurate, and its video did not reveal any legitimate threat to the Saga device.

“The CertiK video does not reveal any known vulnerability or security threat to Saga holders.”

Android’s internal Open Source Project documentation shows unlocking a bootloader can be performed across a wide range of Android devices.

Solana Labs said that, to unlock the bootloader and install custom firmware, an attacker would have to go through multiple steps, which can only be performed after unlocking the device with the user’s passcode or fingerprint.

“Unlocking the bootloader wipes the device, which users are alerted about multiple times when unlocking the bootloader, so it’s not a process that can take place without users’ active participation or awareness,” Solana Labs said.

Related: Making real-world blockchain solutions possible — Solana co-founder Raj Gokal

Additionally, if anyone proceeds to unlock the bootloader on an Android device, they’re subjected to a series of warnings about the implications of the process.

If they ignore these warnings, the device will be wiped along with their private keys.

The Solana Saga phone was released in April 2022 with a price tag of $1,099. The phone offers a Web3-native decentralized application store in a bid to integrate crypto apps into tech hardware.

Four months after launch, however, Solana slashed its price to $599, following a steep decline in sales.

CertiK did not immediately respond to a request for comment on Solana Labs’ rebuttal.

Magazine: I spent a week working in VR. It was mostly terrible, however…





Source link

Leave a Reply

Your email address will not be published. Required fields are marked *

You have not selected any currency to display

Pin It on Pinterest

Ico-Investor
Bybit
Ico-Investor
Solana hoses down ‘inaccurate’ CertiK report on Saga phone security flaws
bybit
Bybit
Ripple Eyes Major Exchange Listings for RLUSD: Are Coinbase and Binance Next?
Grayscale Reveals Nearly 40 Altcoins For Investment Consideration
XRP Eyes $500B Market Cap as Peter Brandt Signals Potential Breakout
Behind Ripple’s Stablecoin Growth: A Closer Look at the Top 10 RLUSD Giants
Binance Delisting Announcement Causes Free Fall For 3 Altcoins
Solana Embraces a Path to Scalability: Approves Modest Block Limit Increase
Fiverr
Ledger
SunSwap Leads the Way with 8.3 Million Transactions in 2024
Senator Introduces Bill to Cement Texas as the First State With a Bitcoin Reserve
This Week on Crypto Twitter: BONK Simply Won’t Quit
We Asked ChatGPT if Shiba Inu (SHIB) Can Become a Top 10 Cryptocurrency This Year
Bloomberg Expands its Crypto Coverage to the Top 50 Largest Assets
SunSwap Leads the Way with 8.3 Million Transactions in 2024
Senator Introduces Bill to Cement Texas as the First State With a Bitcoin Reserve
This Week on Crypto Twitter: BONK Simply Won’t Quit
We Asked ChatGPT if Shiba Inu (SHIB) Can Become a Top 10 Cryptocurrency This Year