Tuesday, 11 August 2020

Xiaomi user turns fingerprint sensor into a terrible camera

Xiaomi Mi 9T Display on soft surface

  • A Xiaomi user has demonstrated how to access the video feed from their phone’s in-display fingerprint sensor.
  • The info was garnered by installing an app that gives users access to hidden activities within the device.
  • While the image quality is low, this does raise a number of security questions.

Have you ever wondered what your optical in-display fingerprint sensor can see? Well, a Xiaomi user has done just that, unearthing a few security questions in the process.

As demonstrated on Reddit, the Xiaomi Mi 9T user can access the imaging feed from the Goodix-made optical in-display fingerprint sensor on their device after installing the Activity Launcher app. The app, which gives users access to hidden activities within the device, also allows access to calibration menus, factory tests, and other demos.

As expected, the image quality from the Xiaomi Mi 9T’s sensor is pretty horrid. The video feed is jittery, while the image itself is decidedly low-resolution compared to what you’d get from a selfie camera. Fingerprint sensors aren’t designed to focus beyond the glass on which your fingertip rests, so it doesn’t necessarily mean malicious actors can spy on users through this sensor.

What is worrying though is that end-users can access this information through an app, potentially leaving the door open for malicious actors. XDA-Developers editor-in-chief Mishaal Rahman points this out in a Twitter thread of his own. “OEMs really shouldn’t be leaving these debug apps in production builds…” he writes.

The Reddit user does note that the app was a third-party download and did not come preinstalled on the device. Regardless, it’s possibly more worrying that a third-party app can gain access to these hidden activities so easily on the phone.

Developers require access to these debugging tools to address issues or streamline processes within their apps where authentication may be needed. However, biometric data is also required to be secured behind a phone’s Trusted Execution Environment, a secure area of the device’s processor. This is one of the criteria for devices to meet Android’s compliance standards.

Following the original user, others have tried to gain access to their devices’ fingerprint sensors too, but it seems a terrible idea for inexperienced users. One Poco F2 Pro owner’s in-display fingerprint sensor “stopped working” after accessing calibration menus.

Next: Xiaomi says Mi Mix Alpha is no more, but new Mi Mix is coming



from Android Authority https://ift.tt/2XPEZgf
at No comments:
Labels:

Report: Millions of Snapdragon phones are prone to spying, malware, and bricking!

Check Point security researchers revealed that they have discovered more than 400 code vulnerabilities named "Achilles" in the digital signal processors (DSPs) of Qualcomm Snapdragon chips.
Report: Millions of Snapdragon phones are prone to spying, malware, and bricking!
File photo: A Snapdragon-powered flagship

Qualcomm security risks

The report claimed that attackers can quietly record calls, steal data, render the device unusable, and even install and silent and non-removable malware.

Currently, the team is keeping the details a secret to prevent malicious use of the vulnerability before there's a fix.

The researchers used a fuzz testing tech and other methods to identify the flaws. To fix this, Qualcomm had to address the issues first. Phone vendors themselves cannot fix it.

Qualcomm acknowledged the flaws and shared the details with brands while it provides "appropriate mitigations" to brands.

In 2019 alone, it was estimated that 40 percent of the phones shipped are powered by Snapdragon chips.

Check Point research head Yaniv Balmas said fixing them all could be difficult or impossible. Having said that, "hundreds of millions" of phones are exposed.

Thankfully, there is no evidence of active exploits yet and users could minimize their risk by getting patches when available and downloading from "trusted" sources like Google Play.

But still, let's all be careful.



from GIZGUIDE | Your Gadget Coach https://ift.tt/2XNFLdH
at No comments:
Labels:

How women entrepreneurs in India are challenging social and cultural norms


In India, the proportion of women in paid work is among the lowest in the world, at just over 23% – a figure which contrasts sharply with the corresponding rate of over 78% for men. Opportunities for women to enter employment in the country are limited by a range of factors. These include a dominant tradition of female domestic responsibility and prevailing social patriarchy. Deeply entrenched cultural expectations mean that women are more likely to stay at home. And when they do work, it is mainly on an informal basis, without the luxury of secured wages and contracts. Against this…

This story continues at The Next Web


from The Next Web https://ift.tt/3gN7B11
at No comments:
Labels:

7 simple tips to keep cool if you’re working from home during a heatwave


Is your home office currently as hot as the Sahara? Are you feeling hot and bothered and struggling to concentrate? Is it all getting a little too much? If so, fear not, because here are a few tips and tricks to help you cool down if you’re working from home during a heatwave. [Read: COVID-19 canceled doctors’ office visits — these startups are bringing the doctor to you] Start earlier If you’re lucky enough to have flexible working hours, let your colleagues and team lead know that you’ll be starting work earlier. By doing so, you should be able to avoid…

This story continues at The Next Web


from The Next Web https://ift.tt/31GpKra
at No comments:
Labels:

OnePlus’ Oxygen OS 11 could borrow these cool new features from Hydrogen OS 11

OnePlus Hydrogen OS 11

Credit: OnePlus
  • OnePlus has announced Hydrogen OS 11 based on Android 11.
  • The China-specific skin comes with a ton of new features.
  • All these features could also land on Oxygen OS 11.

OnePlus has officially unveiled its Android 11-based Hydrogen OS 11 software. Hydrogen OS is OnePlus’ China-specific Android skin without Google Play services and pre-installed Google apps. In the rest of the world, the company equips its phones with Oxygen OS. While the two skins are different names, they are made by the same team and share a very similar codebase. So it’s only natural to presume that the new Hydrogen OS features could also land on Oxygen OS in the future.

Hydrogen OS 11 adds a ton of new features (h/t: ITHome) to OnePlus phones in China. The software update comes with the highly anticipated always-on display, multi-user Zen Mode, new animations, and a new Weather app.

It also adds a one-handed mode to OnePlus phones, new wallpapers that change based on the time of day, and voice notes with AI-powered speech-to-text conversion.

Also read: Give me a great software skin over stock Android any day

The dark mode has also received some UI changes in Hydrogen OS 11 (see image below). It now uses different shades of black for better clarity and distinction of information. Additionally, it now supports time-based activation and has a quick settings toggle.

OnePlus HydrogenOS 11 dark mode

Credit: OnePlus

Further, Hydrogen OS 11 also features a new ORM memory management system. It’s designed to improve RAM management, run more apps with the same amount of memory, and reduce the probability of apps being killed in the background.

The new software also features a Turbo Booster 2.0 mode aimed at OnePlus phones with high refresh rate screens. It allows the phones to better maintain the full frame rate for tasks like gaming.

You can see a quick official OnePlus video below summarizing all the main features of Hydrogen OS 11.

Hydrogen OS 11 availability

Hydrogen OS 11 will roll out to the OnePlus 6 and all its successors. OnePlus has already released the developer build of Hydrogen 11 in China for the OnePlus 8 series. It comes with most of the new features mentioned above. The stable version is scheduled to roll out in Q4 2020.

Meanwhile, OnePlus also has an Android 11 beta program for the OnePlus 8 series outside of China. However, none of the new Hydrogen OS 11 features are available in the Android 11 developer preview for the global OnePlus 8 and OnePlus 8 Pro models.

See also: Here’s when OnePlus will release its final OxygenOS 11 preview



from Android Authority https://ift.tt/2PDX2Bw
at No comments:
Labels:
Subscribe to: Comments (Atom)