Reefa Posted January 24, 2018 Share Posted January 24, 2018 There’s a bit of a flaw in the Motorola-made Amazon Moto G5 and Moto G5 Plus. Confirmed by several owners of the device in several different parts of the United States, this flaw is… kind of unbelievable. All one needs to do to bypass lockscreen security is fail their fingerprint sensor test, press the power button, and tap the ad. Once the user taps the ad, the ad’s link connects to the device’s web browser. Once the user is in the web browser, they’re also inside the phone’s security lock. As such, there is no security on this smartphone. Advertisements make this smartphone a little less expensive than its non-Amazon counterpart. Ads make this phone very insecure. ALSO: Moto Display must be turned on for this combination of moves to unlock the phone. But without a password or a proper fingerprint, any user seems to be able to log in with ease. Amazon’s ads are this phone’s undoing. It’s a real bummer since this phone is such a great piece of hardware. Quote Hey @amazon @MotorolaUS. I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone. pic.twitter.com/eqLWLn34pD — Jaraszski Colliefox (@jaraszski) January 22, 2018 One example of a user trying this flaw out is shown above, and another is shown below. A reddit thread confirms that this is not an isolated incident. This is a real deal, and users of these phones should take all precautions to secure their phone by alternate means. This monstrous security flaw likely has a relatively simple fix on the developer side – but the damage is already done. Amazon and/or Motorola has to answer for this flaw as soon as possible, and send out an update to stop the glitch immediately. This is just nonsense. Stick around as we see what Amazon and/or Motorola has to say about this situation, hopefully soon. source Link to comment Share on other sites More sharing options...
BioHazard Posted January 24, 2018 Share Posted January 24, 2018 Amazon and Motorola. Link to comment Share on other sites More sharing options...
straycat19 Posted January 25, 2018 Share Posted January 25, 2018 And if you are tired of looking at the Amazon ads you can remove them using RootJunky's Amazon Ad Remover. It is found under Moto G5 on rootjunkysdl.com. Link to comment Share on other sites More sharing options...
jdawg334 Posted January 26, 2018 Share Posted January 26, 2018 Looks like this was actually due to an Android feature rather than a security flaw. I have a Moto Z and it has this same "smart lock" as well and where the phone doesn't actually lock until you set the phone down or you can set it up so if you are have a smartwatch connected it stays unlocked as long as you are within blue-tooth range. I had to turn both of these off because I kept turning on my screen and making calls and opening Apps while walking around with the phone in my pocket.. Explanation from https://phandroid.com/2018/01/25/moto-g5-plus-amazon-prime-exclusive-lockscreen-bypass/ Quote The problem is that it’s hard to pinpoint what’s going on here. On the surface, it sure looks like Amazon’s ads are the culprit, but not so fast. Android also has a variety of features that could be coming into play, delaying the lockscreen from fully activating. As it turns out — at least for our furry friend here — the issue was simply Android’s “On-body Detection” feature — which keeps the device unlocked as long as it detects movement — something he claims was on by default (this usually isn’t the case). Locking and quickly unlocking the device doesn’t provide enough time for the phone to lock itself down, seemingly allowing a simple tap of an Amazon ad to give the user full access, although technically a swipe would do the same thing. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.