TechFlow news: On November 15, CertiK released a video revealing a critical bootloader vulnerability in the Solana Phone. CertiK's testing experts successfully jailbroke the device within just one minute and completely drained all its assets in a few simple steps. The vulnerability stems from an insecure "bootloader unlock" feature. Besides enabling theft of user assets, it also exposes all personal data stored on the device. Over 2,100 devices have been at severe risk since early April.
Given the complexity of this vulnerability and the need for physical access, CertiK stated that it has already disclosed the issue to Solana and publicly issued this vulnerability alert to protect Web3 users and encourage them to take effective measures to secure their assets.




