Steven Laver, principal software engineer for mobile at Solana Labs, said CertiK's video did not reveal any known vulnerabilities or security threats to Saga phone users. The video shows a user unlocking the bootloader, something that can be done on many Android devices.
Laver said: "Unlocking the bootloader is an advanced feature of Saga and is disabled by default. We allow users to choose how to use their phones, however unlocking the bootloader is not a security vulnerability - users must explicitly allow such changes to their devices, and only authorized users may make these changes."
However, if a user or attacker proceeds to unlock the bootloader, not only will they receive multiple warnings, but their device (along with the private key) will be wiped. Laver said: "So this process cannot happen without the user's active participation or knowledge." (Blockworks)
According to earlier reports, CertiK recently discovered a critical bootloader vulnerability in Solana Phone. CertiK testing experts successfully jailbroke and tested the phone in just one minute, and looted all the assets in it in just a few steps.
The vulnerability stems from an insecure "bootloader unlock" feature. In addition to stealing user assets, it also exposes all personal data stored on the device. More than 2,100 devices have been put at serious risk since early April.
Given the complexity of the vulnerability and the need for physical access, CertiK has informed Solana of the vulnerability and publicly released this vulnerability alert to protect Web3 users and prompt them to take effective measures to protect their assets.
CertiK released a video on November 15 analyzing the details of the vulnerability. They emphasized that the vulnerability is not limited to Solana Phone and recommended that relevant projects and developers take immediate action to strengthen bootloader protection.