CertiK analysts have identified a critical vulnerability in the Saga smartphone from Solana, which allows the user’s cryptocurrencies to be stolen.
Ever wondered about the security of your Web3 devices?
Our newest exploration reveals a significant bootloader vulnerability in the Solana Phone, a challenge not just for this device but for the entire industry. Our commitment to enhancing security standards is unwavering. 🔐… pic.twitter.com/lHZ5W7hXzy
— CertiK (@CertiK) November 15, 2023
The company’s specialists, in recovery mode, were able to install a backdoor on the device and unlock access to the operating system bootloader.
The smartphone displayed a warning that, from this point on, “the integrity of the software cannot be guaranteed.”
They then connected the smartphone to WiFi to establish communication with the command and control server on the laptop. Thanks to root rights on the vulnerable device and the use of bash scripts, the researchers withdrew all the bitcoins from the built-in wallet.
CertiK did not provide any additional comments on the issue.
HAPI CCO Mark Letsyuk clarified that the CertiK video being shown does not disclose any known vulnerabilities or security risks for Saga owners.
He also added that one of Saga’s key innovations is Seed Vault – a built-in storage system with enhanced security for seeds and supported digital assets.
Solana Labs first introduced Saga in June 2022. The phone’s hardware and software integrate Web3 functionality, allowing it to be used as a hardware wallet.
Let us remind you that Saga sales started on May 8, 2023.
I am an experienced journalist and writer with a career in the news industry. My focus is on covering Top News stories for World Stock Market, where I provide comprehensive analysis and commentary on markets around the world. I have expertise in writing both long-form articles and shorter pieces that deliver timely, relevant updates to readers.