Wednesday, 3 August 2016

Xiaomi Redmi Note 3 Finger Print Scanner and It's Privacy Issues | 4 August 2016


From past few years one Chinese company is hitting the smartphone world like anything, Yes I am talking about  Xiaomi Inc. founded in 2010 , is a privately owned Chinese electronics company headquartered in Beijing. It is the world's 5th largest smartphone maker; in 2015 Xiaomi sold 70.8 million units and accounted for almost 5 percent of the smartphone global market share. Founded by Hong Feng and fellows, in 2015 company crossed revenue of 20 billion USD.

 According to IDC, in October 2014. Xiaomi was the third largest smartphone maker in the world, following Samsung and Apple Inc., and followed by Lenovo and LG. Xiaomi became the largest smartphone vendor in China in 2014, having overtaken Samsung, according to an IDC report. -Source


Xiaomi and Privacy Issues in Past

  • In October 2014, Xiaomi announced that it was setting up servers outside of China for international users citing improved services and compliance to regulations in several nations.Around the same time, the Indian Air Force issued a warning against Xiaomi phones, stating that they were a national threat as they sent user data to an agency of the Chinese government (Source)

  • According to the PhoneArena report, looking up the website of the company owning the IP address in the range 42.62.48.0-42.62.48.255 reveals that the website owner is www.cnnic.cn. CNNIC is the administrative agency responsible for Internet affairs under the Ministry of Information Industry of People’s Republic of China. It is based in the Zhongguancun high tech district of Beijing.





About Xioami Note 3 (Made in India)
 Xiaomi Redmi Note 3 smartphone was launched in November 2015. The phone comes with a 5.50-inch touchscreen display with a resolution of 1080 pixels by 1920 pixels at a PPI of 403 pixels per inch.

The Xiaomi Redmi Note 3 is powered by 1.4GHz/1.8GHz hexa-core Qualcomm Snapdragon 650 processor and it comes with 2GB/3GB of RAM. The phone packs 16/32GB of internal storage that can be expanded up to 128GB via a microSD card. As far as the cameras are concerned, the Xiaomi Redmi Note 3 packs a 16-megapixel primary camera on the rear and a 5-megapixel front shooter for selfies, the best part about phone it was the first phone which is manufactured in India and have finger print scanner security.

The Xiaomi Redmi Note 3 runs Custom MI UI Android 5.1 and is powered by a 4050mAh non removable battery. It measures 150.00 x 76.00 x 8.65 (height x width x thickness) and weighs 164.00 grams. - Source


How Fingerprint Scanner works
There are mainly three types of scanners available today to perform the required task.

  • Optical Scanner : Optical fingerprint scanners are the oldest method of capturing and comparing fingerprints. As the name suggests, this technique relies on capturing an optical image, essentially a photograph, and using algorithms to detect unique patterns on the surface, such as ridges or unique marks, by analysing the lightest and darkest areas of the image.



    Just like smartphone cameras, these sensors can have a finite resolution, and the higher the resolution.

    Much like the early days of the resistive touchscreen, you won’t find optical scanners used in anything but the most cost effective pieces of hardware these days. With increasing demand for tougher security, smartphones have unanimously adopted superior capacitive scanners.n, the finer details the sensor can discern about your finger, increasing the level of security.


  • Capacitive Scanner : Instead of creating a traditional image of a fingerprint, capacitive fingerprint scanners use arrays tiny capacitor circuits to collect data about a fingerprint. As capacitors can store electrical charge, connecting them up to conductive plates on the surface of the scanner allows them to be used to track the details of a fingerprint. The charge stored in the capacitor will be changed slightly when a finger’s ridge is placed over the conductive plates, while an air gap will leave the charge at the capacitor relatively unchanged. An op-amp integrator circuit is used to track these changes, which can then be recorded by an analogue-to-digital converter.




    Once captured, this digital data can be analyzed to look for distinctive and unique fingerprint attributes, which can be saved for a comparison at a later date. What is particularly smart about this design is that it is much tougher to fool than an optical scanner. The results can’t be replicated with an image and is incredibly tough to fool with some sort of prosthetic, as different materials will record slightly different changes in charge at the capacitor. The only real security risks come from either hardware or software hacking.

    Due to the number larger number of components in the detection circuit, capacitive scanners can be a little pricey. Some early implementations attempted to cut the number of capacitors needed by using “swipe” scanners, which would collect data from a smaller number of capacitor components by quickly refreshing the results as a finger is pulled over the sensor. As many consumers complained at the time, this method was very finicky and often required several attempts to scan the result correctly. Fortunately, these days, the simple press and hold design is far more common.

  • Ultrasonic Scanner : The latest fingerprint scanning technology to enter the smartphone space is an ultrasonic sensor, which was first announced to be inside the Le Max Pro smartphone. Qualcomm and its Sense ID technology are also a major part of the design in this particular phone.To actually capture the details of a fingerprint, the hardware consists of both an ultrasonic transmitter and a receiver.

    An ultrasonic pulse is transmitted against the finger that is placed over the scanner. Some of this pulse is absorbed and some of it is bounced back to the sensor, depending upon the ridges, pores and other details that are unique to each fingerprint.

    There isn’t a microphone listening out for these returning signals, instead a sensor that can detect mechanical stress is used to calculate the intensity of the returning ultrasonic pulse at different points on the scanner. Scanning for longer periods of time allows for additional depth data to be captured, resulting in a highly detailed 3D reproduction of the scanned fingerprint. The 3D nature of this capture technique makes it an even more secure alternative to capacitive scanners.



Xioami Note 3's Finger Print Scanner


Xioami uses the new Qualcomm Snapdragon 650 SoC which is based on  Qualcomm SecureMSM hardware-based foundation. Plus, integration with FIDO (Fast IDentity Online) Alliance biometrics enables the device to keep fingerprint data on the device, not in the cloud, and to connect more securely to FIDO-enabled websites, online accounts and devices. So, Redmi Note 3 is actually one of the best phones for the price not only because of the performance but also because of the security.


The FIDO (Fast IDentity Online) Alliance has developed strong cryptographic protocols that use these protected hardware zones to enable password-less authentication handshakes between hardware and services. So you can log into a website or online shop using your fingerprint without your unique data ever having to leave your smartphone. This is accomplished by passing digital keys rather than bio metric data to servers.  (Source)

Attacks in Public Domain on Qualcomm
  • Exploring Qualcomms Secure Execution : http://bits-please.blogspot.in/2016/04/exploring-qualcomms-secure-execution.html

  • Fingerprints On Mobile Devices Abusing & Leaking: https://www.blackhat.com/docs/us-15/materials/us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking-wp.pdf
Conclusion : Fingerprint scanners have become quite a secure alternative to remembering countless user-names and passwords, and the further roll out of secure mobile payment systems means that these scanners are likely to become a more common and crucial security tool in the future.

The only problem with fingerprint scanners is that if your bio metric information has been compromised,  you can’t change it. 

Learn Ethical Hacking in India with Lucideus Weekends Batch Starting from Aug 21st 
For More Info : www.lucideustraining.com : Whatsapp/Call:  +91-9717083090

  • Stumble This
  • Fav This With Technorati
  • Add To Del.icio.us
  • Digg This
  • Add To Facebook
  • Add To Yahoo

7 comments:

Kailash Kumar said...

Nice Informative blog..

NEELESH'S CHART BOARD said...

WOW. Rahul Sir, Superb piece !

Mobileservicecenter said...

Nice blog.. very Impressive information.. Searching for nearest lenovo service centre...

GenTech said...

Wonderful information that you have to share this here with us.
Genesis Technologies having IT job in Indore for developers in Java, PHP, iOS, and android.
We are looking for talented people who are willing to work in a challenging environment.

Sophia Carter said...

Glad that you have published a great article on redmi note 3. I love this smartphone, it comes with great specification and has fascinating redmi note 3 back cover and cases in India.

Ruby Shopie said...

Very fruitful information provided by you. buy Hdmi cable online | buy VGI cable online

GenTech said...

Nice post by you. Get best IT services in by Genesis Technologies like Internet Marketing services in Indore Web Designing services Indore

Post a Comment