Security flaw in Moto G5 Plus allows anyone to bypass lockscreen

A critical security flaw or bug in Motorola Moto G5 Plus lets anyone easily bypass the lockscreen without going through the authentication process.

Amazon’s Prime Exclusive program has been running successfully from quite some time now; under this program, Amazon partners with mobile phone vendors to sell their phones on a considerably low price if customers choose to preload the phones with Amazon apps and ads on the lock screen.

Reportedly, one of the Prime Exclusive devices Moto G5 Plus had a security flaw related to these ads. The flaw allows an individual to easily bypass the lockscreen without going through the authentication process. Twitter user Jaraszski Colliefox discovered the flaw and immediately tweeted about it:

“I found a security flaw in my Amazon moto g5. Hit fingerprint sensor (it says fingerprint not recognized), then press the power button, then click view ad on the lockscreen. This gives you 100% access to the phone” posted Colliefox.

Security flaw in Moto G5 Plus allows anyone to bypass lockscreen
The tweet has been deleted by Colliefox.

 

Colliefox also posted a video demonstrating how a Prime Exclusive G5 Plus phone is getting unlocked without needing owner’s fingerprint to be registered. The video shows that the phone gets completely unlocked and opens a linked web page in the advertisement while when the home button was pressed the home screen after the user got revealed. It was believed to be a user error or a problem in the auto-lock settings of the device. However, the second video negated this theory completely as it shows a shot of the auto-lock settings.

Then Android Police started testing for this flaw using Nokia 6 Prime Exclusive but could not replicate it. This hinted at the fact that there might be an issue with Moto G5 Plus instead of the lockscreen ads. The issue only occurs when Moto Display is turned on and once it is active it doesn’t allow the user back if the phone has remained locked for some time (as per the video the duration is 30 seconds).

Amazon was contacted to comment but still, there hasn’t been an official statement about the issue noticed in the Amazon Prime Exclusive device.

Update: 

In a conversation with HackRead, Amazon spokesman said that:

“Motorola worked to recreate the unlock scenario seen in the video and found that it appears to be caused by an Android setting called Smart Lock, which allows the device to remain unlocked via body detection. This Smart Lock feature works as designed across Android phones and is completely separate from the lockscreen offers and ads experience on Prime Exclusive Phones.”

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.