Since 2016, Amazon has been offering striking discounts on “Prime Exclusive” smartphones in the US. As a compromise for the discounts, the unlocked smartphones are pre-loaded with bloatware including Amazon apps and lockscreen ads but, that is turning out to be a huge price to pay.
Many Moto G5 and Moto G5 Plus owners who’ve bought their devices via Amazon’s smartphone-as-a-billboard scheme are experiencing a serious security flaw in these devices.
The security flaw on these devices allows anyone to bypass fingerprint security by simply tapping on the lock-screen ads. The problem first came to light when Moto G5 owner Jaraszski Colliefox tweeted a video of his phone unlocking if he clicks on the “Learn more” tab on the lock-screen ad.
Hey @amazon @MotorolaUS. I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone. pic.twitter.com/eqLWLn34pD
— Jaraszski Colliefox (@jaraszski) January 22, 2018
The phone instantly opens up the ad in an Amazon.com web page, and even allows users to return to the home screen without any hassle.
Several others flocked social media channels of Motorola U.S. and Amazon with complaints regarding the issue compromising the security on their Moto G5 and Moto G5 Plus smartphone. It appears, from the sea of complaints, that the flaw is especially affecting users who have Moto Display turned on. Moto Display is dimly lit screen which allows users to see lock screen notifications without unlocking their phones.
A YouTuber Iblitzer has demonstrated in his video how the phone locks back again if it’s left untouched for 30 seconds but, that does not sideline the fact that this short window of time is enough for anyone to find a way into your web applications, and unlocked files.
https://www.youtube.com/watch?v=uKl9RNwKeUM
As of now, it is unclear whether the issue is specific to Moto G5 devices or if it plagues other smartphones under Amazon’s Prime Exclusive program, but Android Police reported failure to achieve it with a Nokia 6. More importantly, a blame game between the two American tech giants could be expected but, let’s hope it does not overshadow the concern of security and consumer interest.
