It was recently reported that a security flaw in the Amazon Prime Exclusive version of the Lenovo Moto G5 Plus granted access to the phone without the need for authentication, however according to Amazon, the flaw isn’t a flaw at all.
If you’re already an Amazon Prime member (or have access to the free trial), then you have the option of picking up certain mobile phones with a discount off the recommended retail price. What’s the catch? You have to deal with lock screen ads and “offers” from Amazon. So if you can live with your recent Amazon searches popping up on your lock screen when you use your phone, then you’ve got a bargain.
That’s the way it is with the Moto G5 Plus, which can be picked up for $240 with Amazon’s Prime Exclusive deal, a bargain for most. However, according to some users, it was easy to bypass the phone’s lock screen by tapping on a lock screen ad, which opens up Chrome — seemingly bypassing the lock screen altogether. But, as Amazon points out, the reason the lock screen is bypassed is because of an Android-wide feature called Smart Lock. Specifically, when “body detection” is enabled, users are able to bypass the lock screen because the phone recognizes that it’s still in motion. To be clear, this feature has to be enabled, and it shouldn’t be on by default.
Reddit users were quick to try and replicate the flaw and it was discovered that Moto Display needed to be turned on, and the so-called flaw doesn’t replicate if the phone has been turned off for a significant amount of time. The description of a replication video says that duration is around 30 seconds, which doesn’t sound too bad until you realize that is 30 seconds during which anyone can access your phone. It’s likely that the time estimate was simply how long it took on-body detection to stop detecting.
Long story short: There is no known security flaw on the Amazon Prime Exclusive version of the Moto G5 Plus. The issue is that Smart Lock is enabled — and if you don’t like that you can simply disable it. That’s good news for users, who probably didn’t want a way for anyone to get easy access to their device.
Update: The supposed security flaw on the Moto G5 Plus is simple on-body detection being enabled and not a flaw at all.
- Notepad has a major security flaw that leaves Windows PCs vulnerable to hackers
- Researchers discover a worrying security flaw in Zipato smart home hubs
- Apple’s iOS 12.4 apparently unpatched a security flaw and enabled a jailbreak
- Facebook admits to Messenger Kids security flaw but insists it’s fixed
- Apple’s iOS 12.4 brings back Walkie-Talkie, makes improvements to Apple News+