Field
Various features generally relate to security protocols and devices, and more particularly to methods and devices for securely displaying information on a secondary display device.
Background
As mobile devices such as mobile phones, smartphones, laptops, tablets, etc. increase in complexity and capability, so too does the opportunity for malicious use of resources and access afforded by such devices. Security protocols and methods are thus routinely used by mobile devices to help thwart malicious attacks and misuse of mobile devices. However, there still exists many different types of security holes for mobile devices that are currently poorly addressed and consequently are capable of being exploited by rogue entities and software applications.
FIG. 1 illustrates a mobile device 100, such as a mobile smartphone, found in the prior art. The mobile device 100 includes a processor 102, a display 104, and a high level operating system (HLOS) 106 that is host to an application 108. In the illustrated example, the application 108 may be a third party application (e.g., an application not associated, produced, and/or endorsed by the original equipment manufacturer (OEM)) that is malicious in that it may take one or more actions that are detrimental to the mobile device 100 and/or its user, or are generally undesirable and unauthorized by the mobile device 100.
For example, the mobile device 100 may be configured such that financial transactions must be approved by a user of the mobile device 100 before they are executed. In particular, approval by the user to proceed with the financial transaction in turn directs the processor 102 to authorize the transaction. In one instance, the malicious application 108 may request the user of the mobile device 100 to approve a financial transaction purportedly totaling $5. Specifically, the application 108 may transmit to or otherwise cause the display 104 to show the user a financial transaction approval request 110 that states the requested amount is $5. However, at the same time the display 104 shows the $5 request 110 to the user, the malicious application 108 insidiously transmits a request 112 to the processor 102 to authorize the execution of a financial transaction in the amount of $500. The user may then attempt to approve the $5 transaction request 110 shown on the display 104 by selecting a corresponding “approve” or “OK” option thereby unwittingly causing the processor 102 to authorize instead the $500 request 112 submitted to it by the malicious application 108.
The instance described above with respect to FIG. 1 is merely one example. Malicious applications 108 may generally take advantage of unsecure displays 104 on mobile devices 100 by displaying one thing on the display 104 yet requesting authorization of something very different. Besides unscrupulous financial transactions, another non-limiting, non-exclusive example is a malicious application 108 displaying a request to redirect the user to a first uniform resource locator (URL) address (e.g., website address) while simultaneously requesting the mobile device's 100 processor 102 to redirect the user to another, second website that may have nefarious intentions.
Thus, there is a need to provide robust mobile devices and methods for mobile devices that secure users and mobile devices from security vulnerabilities like the ones described above. In particular, there is a need for secure mobile devices and methods to address the inherent security vulnerabilities that are present due to a mobile device's unsecure display.