Amazon has been teaming up with smartphone manufacturers to offer devices at a significant discount under the Prime Exclusive program. That program allows users to buy the phones at a lower price than full retail with the caveat being that the user will have to see ads on the
However, the device has a security flaw that could be exploited by anyone that has physical access to your smartphone. The first step of this newly discovered exploit is to touch the fingerprint scanner of the device. If the fingerprint of the user isn’t registered, it will indicate that the fingerprint was not recognized. Then you can press the power button and the display will turn on with the lock screen ad displayed.
Then you click the ad and the phone unlocks and opens a webpage to view whatever product the ad is shilling. There are some caveats to this flaw, however; namely not all users of the device have been able to replicate the issue, but a large number have successfully pulled off the trick. There are also reports that if you leave the phone locked for long enough, you can’t get back in via this exploit.
Hey @amazon @MotorolaUS. I found a security flaw in my Amazon motot g5. Hit fingerprint sensor (it says fingerprint not recognized), then press power button, then click view ad on the lockscreen. This gives you 100% access to the phone. pic.twitter.com/eqLWLn34pD— Jaraszski Colliefox (@jaraszski) January 22, 2018
It’s also worth noting that the same bypass has been tried on other devices on the Amazon Prime Exclusive program, specifically the Nokia 6 Prime Exclusive; but the bypass apparently only works on the G5 Plus.