Wednesday, 3 August 2016

Xiaomi Redmi Note 3 Finger Print Scanner and It's Privacy Issues | 4 August 2016

5 comments

From past few years one Chinese company is hitting the smartphone world like anything, Yes I am talking about  Xiaomi Inc. founded in 2010 , is a privately owned Chinese electronics company headquartered in Beijing. It is the world's 5th largest smartphone maker; in 2015 Xiaomi sold 70.8 million units and accounted for almost 5 percent of the smartphone global market share. Founded by Hong Feng and fellows, in 2015 company crossed revenue of 20 billion USD.

 According to IDC, in October 2014. Xiaomi was the third largest smartphone maker in the world, following Samsung and Apple Inc., and followed by Lenovo and LG. Xiaomi became the largest smartphone vendor in China in 2014, having overtaken Samsung, according to an IDC report. -Source


Xiaomi and Privacy Issues in Past

  • In October 2014, Xiaomi announced that it was setting up servers outside of China for international users citing improved services and compliance to regulations in several nations.Around the same time, the Indian Air Force issued a warning against Xiaomi phones, stating that they were a national threat as they sent user data to an agency of the Chinese government (Source)

  • According to the PhoneArena report, looking up the website of the company owning the IP address in the range 42.62.48.0-42.62.48.255 reveals that the website owner is www.cnnic.cn. CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of People’s Republic of China. It is based in the Zhongguancun high tech district of Beijing.





About Xioami Note 3 (Made in India)
 Xiaomi Redmi Note 3 smartphone was launched in November 2015. The phone comes with a 5.50-inch touchscreen display with a resolution of 1080 pixels by 1920 pixels at a PPI of 403 pixels per inch.

The Xiaomi Redmi Note 3 is powered by 1.4GHz/1.8GHz hexa-core Qualcomm Snapdragon 650 processor and it comes with 2GB/3GB of RAM. The phone packs 16/32GB of internal storage that can be expanded up to 128GB via a microSD card. As far as the cameras are concerned, the Xiaomi Redmi Note 3 packs a 16-megapixel primary camera on the rear and a 5-megapixel front shooter for selfies, the best part about phone it was the first phone which is manufactured in India and have finger print scanner security.

The Xiaomi Redmi Note 3 runs Custom MI UI Android 5.1 and is powered by a 4050mAh non removable battery. It measures 150.00 x 76.00 x 8.65 (height x width x thickness) and weighs 164.00 grams. - Source


How Fingerprint Scanner works
There are mainly three types of scanners available today to perform the required task.

  • Optical Scanner : Optical fingerprint scanners are the oldest method of capturing and comparing fingerprints. As the name suggests, this technique relies on capturing an optical image, essentially a photograph, and using algorithms to detect unique patterns on the surface, such as ridges or unique marks, by analysing the lightest and darkest areas of the image.



    Just like smartphone cameras, these sensors can have a finite resolution, and the higher the resolution.

    Much like the early days of the resistive touchscreen, you won’t find optical scanners used in anything but the most cost effective pieces of hardware these days. With increasing demand for tougher security, smartphones have unanimously adopted superior capacitive scanners.n, the finer details the sensor can discern about your finger, increasing the level of security.


  • Capacitive Scanner : Instead of creating a traditional image of a fingerprint, capacitive fingerprint scanners use arrays tiny capacitor circuits to collect data about a fingerprint. As capacitors can store electrical charge, connecting them up to conductive plates on the surface of the scanner allows them to be used to track the details of a fingerprint. The charge stored in the capacitor will be changed slightly when a finger’s ridge is placed over the conductive plates, while an air gap will leave the charge at the capacitor relatively unchanged. An op-amp integrator circuit is used to track these changes, which can then be recorded by an analogue-to-digital converter.




    Once captured, this digital data can be analyzed to look for distinctive and unique fingerprint attributes, which can be saved for a comparison at a later date. What is particularly smart about this design is that it is much tougher to fool than an optical scanner. The results can’t be replicated with an image and is incredibly tough to fool with some sort of prosthetic, as different materials will record slightly different changes in charge at the capacitor. The only real security risks come from either hardware or software hacking.

    Due to the number larger number of components in the detection circuit, capacitive scanners can be a little pricey. Some early implementations attempted to cut the number of capacitors needed by using “swipe” scanners, which would collect data from a smaller number of capacitor components by quickly refreshing the results as a finger is pulled over the sensor. As many consumers complained at the time, this method was very finicky and often required several attempts to scan the result correctly. Fortunately, these days, the simple press and hold design is far more common.

  • Ultrasonic Scanner : The latest fingerprint scanning technology to enter the smartphone space is an ultrasonic sensor, which was first announced to be inside the Le Max Pro smartphone. Qualcomm and its Sense ID technology are also a major part of the design in this particular phone.To actually capture the details of a fingerprint, the hardware consists of both an ultrasonic transmitter and a receiver.

    An ultrasonic pulse is transmitted against the finger that is placed over the scanner. Some of this pulse is absorbed and some of it is bounced back to the sensor, depending upon the ridges, pores and other details that are unique to each fingerprint.

    There isn’t a microphone listening out for these returning signals, instead a sensor that can detect mechanical stress is used to calculate the intensity of the returning ultrasonic pulse at different points on the scanner. Scanning for longer periods of time allows for additional depth data to be captured, resulting in a highly detailed 3D reproduction of the scanned fingerprint. The 3D nature of this capture technique makes it an even more secure alternative to capacitive scanners.



Xioami Note 3's Finger Print Scanner


Xioami uses the new Qualcomm Snapdragon 650 SoC which is based on  Qualcomm SecureMSM hardware-based foundation. Plus, integration with FIDO (Fast IDentity Online) Alliance biometrics enables the device to keep fingerprint data on the device, not in the cloud, and to connect more securely to FIDO-enabled websites, online accounts and devices. So, Redmi Note 3 is actually one of the best phones for the price not only because of the performance but also because of the security.


The FIDO (Fast IDentity Online) Alliance has developed strong cryptographic protocols that use these protected hardware zones to enable password-less authentication handshakes between hardware and services. So you can log into a website or online shop using your fingerprint without your unique data ever having to leave your smartphone. This is accomplished by passing digital keys rather than bio metric data to servers.  (Source)

Attacks in Public Domain on Qualcomm
  • Exploring Qualcomms Secure Execution : http://bits-please.blogspot.in/2016/04/exploring-qualcomms-secure-execution.html

  • Fingerprints On Mobile Devices Abusing & Leaking: https://www.blackhat.com/docs/us-15/materials/us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking-wp.pdf
Conclusion : Fingerprint scanners have become quite a secure alternative to remembering countless user-names and passwords, and the further roll out of secure mobile payment systems means that these scanners are likely to become a more common and crucial security tool in the future.

The only problem with fingerprint scanners is that if your bio metric information has been compromised,  you can’t change it. 

Learn Ethical Hacking in India with Lucideus Weekends Batch Starting from Aug 21st 
For More Info : www.lucideustraining.com : Whatsapp/Call:  +91-9717083090

Saturday, 19 March 2016

How to Make Python Payload Executable on Mac | Rahul Tyagi

4 comments




Step 1: Make this the first line of your Python script "#!/usr/bin/env python".

Step 2: Change the extension of the script file to ".command" i.e. my_python_script.command.

Step 3: In Terminal make the Python script file executable by running "chmod +x my_python_script.command".

Step 4: Now when you double click the Python script in Finder it will open a terminal window and run.

Friday, 25 December 2015

A student who wants to suicide because he was having 57% in 12th | Must Read for Every Student | Rahul Tyagi

13 comments

Incident : Sep 9 2011
-------------------------
On Sep 9 2011 night, I got a call from one student of mine, he was not selected in an interview,  because he was not eligible for the company set criteria that is overall 60% throughout study life. (10th - Masters). That guy really was too upset and wants to suicide. The word he said really hurt me , that " MY Career is finished, I have 57% marks in +2 so I am not eligible for the test in any company, I am ruined and now even my parents not gona support me anymore". With these words he cried like hell, that guy I knew from a while, he was a strong boy but the way he cried really shocking. Then I told him not to do such stupid thing and called his father and then things got settled. 

Tuesday, 8 December 2015

How to Jailbreak iOS 9.1 / 9.2 Beta | New Method Dec 8 2015

3 comments


Sunday, 15 November 2015

Learn Ethical Hacking in Delhi | Lucideus Labs | Winter Training 2015

4 comments
Register for India's most coolest & the most advanced winter training program on Hacking & Security
LCEH | Lucideus Certified Ethical Hacker

 Buckle up as you are about to be bombarded with doses of awesomeness like never before. 
And guess what, it gives you placement if you fair well in the examination.

So what is this training all about? 

It's a training program where you will get to see and try by your own hands how a real world hacker works so that you can defend yourself from the attacks. 

We have following courses designed for you

Course Name
Delivery Mode
Duration Per Day
No Of Days
Course Duration
LCEH G1
Regular (Mon-Fri)
2 Hours
20 Days
40 Hours
LCEH G2
Regular (Mon-Fri)
2 Hours
20 Days
40 Hours
LCEH G1 + G2
Regular (Mon-Fri)
2 Hours
40 Days
80 Hours
Weekend (Sunday)
8 Hours
10 Days
80 Hours


Can I see the Course Contents?

Course content is attached with this mail. 
Click here to know more about Lucideus


Where Does it Take Place?

At Lucideus Labs, New Delhi - Click Here to see the pictures
(please note : the pictures are of our own Lab, and have NOT been taken from Google)

Saturday, 3 October 2015

Ethical Hacking Workshop in Chandigarh University | Lucideus

1 comments
https://www.facebook.com/media/set/?set=a.207350479275756.57638.100000024154478&type=1&l=8e0422a335

Ethical Hacking Workshop in Punjabi University , Patiala | Lucideus

2 comments

One of the most amazing workshop

Posted by Rahul Tyagi on Saturday, February 11, 2012