Solana Rejects CertiK’s Claims of Bootloader Vulnerability in Saga Phone


Key Insights

  • Solana Labs has rejected a report by CertiK that claimed the Saga phone has a "critical vulnerability".
  • Solana Labs says that the Saga phone is as secure as any other Android device.
  • CertiK claims that it was able to load a custom firmware containing a root backdoor on the Saga phone.
  • The Saga phone is an Android phone powered by the Solana blockchain that was launched in April 2022.
  • The Saga phone's performance in the market was lackluster, and its price had to be slashed by half.

Solana Labs (creators of $SOL) has recently rejected a new report by CertiK, a blockchain security firm.

CertiK, it turns out, recently reported a "critical vulnerability" in the Saga phone, designed and marketed by Solana Labs.

In this report, CertiK claims that the Saga phone may have a "bootloader unlock" vulnerability, which could allow an attacker to install a backdoor and access the user's private keys.

Solana Labs, however, was not having it. They retorted almost immediately and stated that the report was both inaccurate and misleading.

The Saga phone, Solana Labs says, is as secure as any other Android device.

But What is a Bootloader Unlock Attack?

To explain things as simply as possible, a bootloader is a program that runs before the operating system starts on a device.

This means that the bootloader is responsible for waking up all the other essential components of an Android phone.

If a bootloader is unlocked on a device, the user (or an attacker) could easily install custom software, and even modify the phone's system.

According to CertiK, the Saga phone comes out of the box with an unlocked bootloader, which can easily be exploited by bad actors.

CertiK demonstrates an Android phone backdoor

CertiK alleged that its engineers were able to load a custom firmware containing a root backdoor on the Saga phone. With this backdoor, they were able to access user data, and even steal private keys.

In the demonstration tweet, CertiK claimed that the Saga phone was "not safe for storing cryptocurrencies".

The security firm also said that they contacted Solana Labs about the issue, but did not receive a satisfactory response.

How Did Solana Labs Respond?

When Solana Labs did respond, however, they dismissed CertiK's claims as false and irresponsible.

In the CertiK demonstration video, the security firm did not reveal any known vulnerability or security threat to Saga holders.

According to the official Android open-source documentation, Android bootloaders can easily be unlocked by anyone who knows what they are doing. However, to do this, any "attacker" would need the owner's consent and participation.

To unlock the bootloader and install custom firmware as CertiK showed, an attacker would need to go through several steps without the owner's consent, like enabling developer options, enabling OEM unlocking, rebooting into fastboot mode, and confirming the unlock.

All of these steps would be impossible without actual consent from the owner, or their passcode/fingerprint.

Doing this would also trigger multiple access warnings, and could even wipe the device if these warnings are ignored.
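
The lock state that these steps change can be read back from the device. The following is an added example, not code from the article, CertiK, or Solana Labs: it parses `adb shell getprop` output and reports whether the bootloader is locked. The sample outputs are constructed, and it assumes the device exposes the standard AOSP properties named in the comments.

```python
import re

# Constructed samples of `adb shell getprop` output (not captured from a Saga).
SAMPLE_LOCKED = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.vbmeta.device_state]: [locked]
[sys.oem_unlock_allowed]: [0]
"""
SAMPLE_UNLOCKED = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.vbmeta.device_state]: [unlocked]
[sys.oem_unlock_allowed]: [1]
"""

_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Turn '[key]: [value]' lines into a dict, skipping anything else."""
    props = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess_bootloader(props):
    """Return (verdict, findings); verdict is 'locked', 'unlocked' or 'unknown'."""
    flash = props.get("ro.boot.flash.locked")          # "1" locked, "0" unlocked
    vbmeta = props.get("ro.boot.vbmeta.device_state")  # "locked" / "unlocked"
    vbstate = props.get("ro.boot.verifiedbootstate")   # green/yellow/orange/red
    findings = []
    # Any single unlocked indicator wins, so conflicting values fail closed.
    if flash == "0" or vbmeta == "unlocked" or vbstate == "orange":
        verdict = "unlocked"
        findings.append("bootloader unlocked: unsigned images can be flashed")
    elif flash == "1" or vbmeta == "locked":
        verdict = "locked"
    else:
        verdict = "unknown"
        findings.append("no lock-state property found; check the fastboot screen")
    if vbstate == "yellow":
        findings.append("booting an image signed with a user-set key")
    if vbstate == "red":
        findings.append("verified boot failed: image is corrupt or untrusted")
    if verdict == "locked" and props.get("sys.oem_unlock_allowed") == "1":
        findings.append("OEM unlocking is enabled in developer options")
    return verdict, findings
```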

Solana Labs says that the Saga phone is designed to protect the user's privacy and security, and also offers a Web3-native DApp store to integrate crypto apps into tech hardware.

The Saga Phone's Run In The Market

The Saga phone is an Android phone powered by the Solana blockchain. It was launched in April 2022, right before the bear market started.

One of the major marketing points Solana Labs used to get the phone across was that it offered a secure experience for crypto users.

It also came out of the box with features like a built-in hardware wallet, biometric authentication, a decentralized identity protocol, and a p2p communication network.

The Saga Phone, initially priced at $1,099, is one of the first attempts to integrate blockchain into the mainstream consumer market and challenge other giants like Apple and Samsung.

Solana's Saga phone's debut

However, the phone's performance in the market was lackluster.

The 2022 bear market brought on a significant lack of interest in crypto. In the end, the price of the Saga Phone had to be slashed by half, to about $599.

Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.

Voice Of Crypto
voiceofcrypto.online