Solana Denies CertiK's Claims of Vulnerabilities on the Solana Saga Mobile Phone

Blockchain security company CertiK has identified a bootloader vulnerability in Solana's Saga phone, Solana's first Android device. According to CertiK, the vulnerability could permit the installation of a backdoor on the phone, compromising the bootloader, the first software that runs when the device starts.

In a shared video demonstrating the vulnerability, CertiK emphasized that once the bootloader is unlocked, the integrity of the software cannot be assured, making any data on the device accessible to potential attackers. As a precaution, CertiK recommended that users refrain from storing sensitive information on the Saga phone.

According to Blockworks, Solana Labs contended that the video did not disclose any known vulnerabilities or security threats to Saga users. The company clarified that unlocking the bootloader is an advanced feature that is disabled by default, requires explicit user consent, and, if activated, wipes the device and deletes its keys.

Released in April with a focus on integrating Web3 with smartphones, Saga is designed to provide users with self-custody of their assets. Despite a price reduction from $1,000 to $599 a few months after its launch, Saga aims to deliver a secure and user-friendly mobile experience for Web3 applications.
