A critical security flaw or bug in Motorola Moto G5 Plus lets anyone easily bypass the lockscreen without going through the authentication process.
Amazon’s Prime Exclusive program has been running successfully from quite some time now; under this program, Amazon partners with mobile phone vendors to sell their phones on a considerably low price if customers choose to preload the phones with Amazon apps and ads on the lock screen.
Reportedly, one of the Prime Exclusive devices Moto G5 Plus had a security flaw related to these ads.
The flaw allows an individual to easily bypass the lockscreen without going through the authentication process.
Twitter user Jaraszski Colliefox discovered the flaw and immediately tweeted about it:
“I found a security flaw in my Amazon moto g5. Hit fingerprint sensor (it says fingerprint not recognized), then press the power button, then click view ad on the lockscreen. This gives you 100% access to the phone” posted Colliefox.
Hey @amazon @MotorolaUS. I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone. pic.twitter.com/eqLWLn34pD
— Jaraszski Colliefox (@jaraszski) January 22, 2018
Colliefox also posted a video demonstrating how a Prime Exclusive G5 Plus phone is getting unlocked without needing owner’s fingerprint to be registered.
The video shows that the phone gets completely unlocked and opens a linked web page in the advertisement while when the home button was pressed the home screen after the user got revealed.
It was believed to be a user error or a problem in the auto-lock settings of the device. However, the second video negated this theory completely as it shows a shot of the auto-lock settings.
Then Android Police started testing for this flaw using Nokia 6 Prime Exclusive but could not replicate it.
This hinted at the fact that there might be an issue with Moto G5 Plus instead of the lockscreen ads. The issue only occurs when Moto Display is turned on and once it is active it doesn’t allow the user back if the phone has remained locked for some time (as per the video the duration is 30 seconds).
Amazon was contacted to comment but still, there hasn’t been an official statement about the issue noticed in the Amazon Prime Exclusive device.