Amazon Moto G5 Has A Major Security Flaw [UPDATE]
There's a bit of a flaw in the Motorola-made Amazon Moto G5 and Moto G5 Plus. Confirmed by several owners of the device in several different parts of the United States, this flaw is... kind of unbelievable. All one needs to do to bypass lockscreen security is fail their fingerprint sensor test, press the power button, and tap the ad.
Once the user taps the ad, the ad's link connects to the device's web browser. Once the user is in the web browser, they're also inside the phone's security lock. As such, there is no security on this smartphone. Advertisements make this smartphone a little less expensive than its non-Amazon counterpart. Ads make this phone very insecure.
ALSO: Moto Display must be turned on for this combination of moves to unlock the phone. But without a password or a proper fingerprint, any user seems to be able to log in with ease. Amazon's ads are this phone's undoing. It's a real bummer since this phone is such a great piece of hardware.
Hey @amazon @MotorolaUS. I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone. pic.twitter.com/eqLWLn34pD
— Jaraszski Colliefox (@jaraszski) January 22, 2018
One example of a user trying this flaw out is shown above, and another is shown below. A reddit thread confirms that this is not an isolated incident. This is a real deal, and users of these phones should take all precautions to secure their phone by alternate means.
This monstrous security flaw likely has a relatively simple fix on the developer side – but the damage is already done. Amazon and/or Motorola has to answer for this flaw as soon as possible, and send out an update to stop the glitch immediately. This is just nonsense. Stick around as we see what Amazon and/or Motorola has to say about this situation, hopefully soon.
UPDATE: A statement from Amazon: "The phone featured in the tweet is a Prime Exclusive Moto G5+ (we do not offer a Prime Exclusive version of the Moto G5 in the US). Motorola worked to recreate the unlock scenario seen in the video and found that it appears to be caused by an Android setting called Smart Lock, which allows the device to remain unlocked via body detection. This Smart Lock feature works as designed across Android phones and is completely separate from the lockscreen offers and ads experience on Prime Exclusive Phones."