Moto G5 Plus "Prime Exclusive" edition with a major security drawback
Hey @amazon @MotorolaUS. I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone. pic.twitter.com/eqLWLn34pD— Jaraszski Colliefox (@jaraszski) January 22, 2018
In the video above, which @jaraszski posted on his Twitter account, you can see the exact steps of getting through what seemed at first a securely locked phone:
This issue has been replicated by other users as well, as you can see in this video. Also, as mentioned by a Reddit user, this security dent seems to be related to the Moto Display feature being enabled, which leaves the screen slightly lit. With all that said, the bug seems to not occur every single time. Twitter user @yubacore states if the phone is locked for at least 30 seconds, everything would go as normal and you would not be able to get through the lockscreen.
- Click the fingerprint sensor
- Wait for "Wrong fingerprint" message to pop up
- Press the power button
- Click the ad
- Now you're in the browser, press home button
- Congratulations, you've successfully passed the lock screen!
If you happen to own another from the Prime Exclusive devices, you can stay calm - this bug seems to be happening only on the Moto G5 Plus, with no reports of it occurring on other devices. Still, it's quite nasty as it can cause a lot of damage and we hope it's getting fixed as soon as possible.
UPDATE: An Amazon representative has contacted us, stating that the problem may be due to Android's 'Smart Lock' feature, and not to Amazon's lockscreen ads and offers.
source: @jaraszki via AndroidAuthority