In discussing mobile security, we mainly focus on protecting our devices from hackers with strong encryption algorithms, secure transaction protocols, etc. But the closer we move toward mobile payment systems, the greater the threat posed by the people around us. Malicious observers could easily steal our credentials by glancing at our screens, and they could also gain physical access to the devices themselves. Relying on biometrics isn't a very viable alternative either, since your biometric data is also readily available to the "bad guys" around you.
We call this threat a "HITBAD" problem, which stands for "Here Is The Body And Device". This is a relatively new security challenge, and it differs from the rest.
Why is HITBAD a new problem?
Before the arrival of the mobile era, we mainly used desktop computers behind closed doors. Now, we regularly unlock our smartphones and log in to sensitive apps in public, where we can't always keep our devices completely hidden from the people around us.
How is HITBAD different from other security risks?
Any solution that could protect you against hackers is absolutely useless when it comes to protecting you against a HITBAD problem. It doesn't matter how secure your encryption methods or transaction protocols are, since a criminal could steal your password and gain physical access to your device. On the other hand, any solution that could protect you against a HITBAD problem would be considered too weak to use against experienced hackers. That means any measure that protects against a HITBAD problem should act as a complementary layer of protection, not a replacement for any existing security solution.
What about using longer PINs or two-factor authentication?
All these security measures are meant to protect you from online threats, but they do not work against a HITBAD problem, because your device and credentials could be in the wrong hands.
Why is HITBAD an overlooked security problem?
There are several popular approaches to protecting your login steps: using screen draw patterns and picture unlock features, making the login numeric pad look like a calculator, applying self-adhesive privacy screen protectors, etc. All these methods have a common and serious drawback: if a malicious observer sees your screen when you are unlocking your device or logging in to a sensitive app, the wrongdoer can repeat your login steps and access your information. This means none of the existing solutions protects your sensitive information from people around you...
How do we fight a HITBAD problem?
Since there's no security measure that can tackle all existing mobile security challenges, we would need an additional layer of protection to fight a HITBAD problem. At SYMPIUS, we have developed a revolutionary technology called SPINT, which requires you to know two secrets when logging in to a device or sensitive app: (1) what you enter, and (2) how you enter it.
Based on SPINT technology, we have created the first-ever app that's capable of protecting your data against a HITBAD problem. The app allows you to log in and access sensitive information without worrying about the people around you staring at your screen or video-recording the authentication process.