Jump to content

Amazon Moto G5 has a major security flaw


Reefa

Recommended Posts

Amazon Moto G5 has a major security flaw

 

There’s a bit of a flaw in the Motorola-made Amazon Moto G5 and Moto G5 Plus. Confirmed by several owners of the device in several different parts of the United States, this flaw is… kind of unbelievable. All one needs to do to bypass lockscreen security is fail their fingerprint sensor test, press the power button, and tap the ad.

 

Once the user taps the ad, the ad’s link connects to the device’s web browser. Once the user is in the web browser, they’re also inside the phone’s security lock. As such, there is no security on this smartphone. Advertisements make this smartphone a little less expensive than its non-Amazon counterpart. Ads make this phone very insecure.

 

ALSO: Moto Display must be turned on for this combination of moves to unlock the phone. But without a password or a proper fingerprint, any user seems to be able to log in with ease. Amazon’s ads are this phone’s undoing. It’s a real bummer since this phone is such a great piece of hardware.

 

Quote

 

One example of a user trying this flaw out is shown above, and another is shown below. A reddit thread confirms that this is not an isolated incident. This is a real deal, and users of these phones should take all precautions to secure their phone by alternate means.

 

 

 

This monstrous security flaw likely has a relatively simple fix on the developer side – but the damage is already done. Amazon and/or Motorola has to answer for this flaw as soon as possible, and send out an update to stop the glitch immediately. This is just nonsense. Stick around as we see what Amazon and/or Motorola has to say about this situation, hopefully soon.

 

 

 

Link to comment
Share on other sites

  • Replies 3
  • Created
  • Last Reply

And if you are tired of looking at the Amazon ads you can remove them using RootJunky's Amazon Ad Remover.  It is found under Moto G5 on rootjunkysdl.com.  

Link to comment
Share on other sites

Looks like this was actually due to an Android feature rather than a security flaw. I have a Moto Z and it has this same "smart lock" as well and where the phone doesn't actually lock until you set the phone down or you can set it up so if you are have a smartwatch connected it stays unlocked as long as you are within blue-tooth range. I had to turn both of these off because I kept turning on my screen and making calls and opening Apps while walking around with the phone in my pocket.. 

 

Explanation from

https://phandroid.com/2018/01/25/moto-g5-plus-amazon-prime-exclusive-lockscreen-bypass/

 

Quote

 

The problem is that it’s hard to pinpoint what’s going on here. On the surface, it sure looks like Amazon’s ads are the culprit, but not so fast. Android also has a variety of features that could be coming into play, delaying the lockscreen from fully activating.

 

As it turns out — at least for our furry friend here — the issue was simply Android’s “On-body Detection” feature — which keeps the device unlocked as long as it detects movement — something he claims was on by default (this usually isn’t the case). Locking and quickly unlocking the device doesn’t provide enough time for the phone to lock itself down, seemingly allowing a simple tap of an Amazon ad to give the user full access, although technically a swipe would do the same thing.

 

 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...