untitled design

A critical vulnerability was found in a Solana smartphone

CertiK analysts have identified a critical vulnerability in the Saga smartphone from Solana, which allows the user’s cryptocurrencies to be stolen.

The company’s specialists, in recovery mode, were able to install a backdoor on the device and unlock access to the operating system bootloader.

The smartphone displayed a warning that, from this point on, “the integrity of the software cannot be guaranteed.”

“Any data stored on the device can be accessed by attackers,” the message says.

They then connected the smartphone to WiFi to establish communication with the command and control server on the laptop. Thanks to root rights on the vulnerable device and the use of bash scripts, the researchers withdrew all the bitcoins from the built-in wallet.

CertiK did not provide any additional comments on the issue.


HAPI CCO Mark Letsyuk clarified that the CertiK video being shown does not disclose any known vulnerabilities or security risks for Saga owners.

“The video shows the user unlocking the bootloader, which can be done on many Android devices. In Saga, this additional feature is disabled by default. However, it is not a security vulnerability—an authorized user must explicitly allow such changes to be made to their device,” the expert explained.

He also added that one of Saga’s key innovations is Seed Vault – a built-in storage system with enhanced security for seeds and supported digital assets.

“Saga users are always encouraged to enable Seed Vault wallets to protect their digital assets. It’s important to note that Seed Vault is not used in the CertiK wallet shown in the video,” Letsyuk added.

Solana Labs first introduced Saga in June 2022. The phone’s hardware and software integrate Web3 functionality, allowing it to be used as a hardware wallet.

Let us remind you that Saga sales started on May 8, 2023.

Source: Cryptocurrency

You may also like

Get the latest

Stay Informed: Get the Latest Updates and Insights


Most popular