Systems and methods for detecting gadgets on computing devices
First Claim
1. A computer-implemented method for detecting gadgets on computing devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, on the computing device, a process comprising a plurality of modules;
- identifying, within the process, each module that does not implement a security protocol that randomizes, each time the module executes, a memory location of at least one portion of data accessed by the module;
- copying each module that does not implement the security protocol to a section of memory dedicated to security analyses;
- determining, based on detecting at least one gadget-specific characteristic within at least one copied module, that the process comprises a gadget that is capable of being maliciously exploited; and
- performing a security action on the computing device to prevent the gadget from being maliciously exploited.
Abstract
The disclosed computer-implemented method for detecting gadgets on computing devices may include (i) identifying, on a computing device, a process containing multiple modules, (ii) identifying, within the process, each module that does not implement a security protocol that randomizes, each time the module executes, a memory location of at least one portion of data accessed by the module, (iii) copying each module that does not implement the security protocol to a section of memory dedicated to security analyses, (iv) determining, based on detecting at least one gadget-specific characteristic within at least one copied module, that the process contains a gadget that is capable of being maliciously exploited, and then (v) performing a security action on the computing device to prevent the gadget from being maliciously exploited. Various other methods, systems, and computer-readable media are also disclosed.
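Step (ii) of the method, shown for one concrete case as an added example that is not part of the patent text: assuming the randomizing "security protocol" is ASLR and the modules are Windows PE images, a module's headers show whether it opted in. The function names, module names and header-only sample images below are constructed for illustration.

```python
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF Characteristics bit
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # ASLR opt-in bit

def pe_randomization_status(image: bytes) -> str:
    """Return 'randomized', 'not-randomized' or 'not-pe' from a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return "not-pe"
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    opt_off = pe_off + 4 + 20                           # signature + COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt_off + 72:
        return "not-pe"
    (coff_chars,) = struct.unpack_from("<H", image, pe_off + 4 + 18)
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                     # PE32 / PE32+
        return "not-pe"
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + 70)
    opted_in = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocatable = not (coff_chars & IMAGE_FILE_RELOCS_STRIPPED)
    # Without relocations the loader cannot move the image even if it opted in.
    return "randomized" if opted_in and relocatable else "not-randomized"

def build_sample_pe(dll_chars: int, coff_chars: int = 0x0002, magic: int = 0x20B) -> bytes:
    """Constructed header-only PE image for the demo (not a loadable file)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, len(opt), coff_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

def modules_lacking_randomization(modules: dict[str, bytes]) -> list[str]:
    """Names of the modules that step (ii) would select for further analysis."""
    return sorted(name for name, img in modules.items()
                  if pe_randomization_status(img) == "not-randomized")

# Constructed module list for one hypothetical process.
SAMPLE_PROCESS = {
    "app.exe": build_sample_pe(0x0160),            # DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA
    "legacy_plugin.dll": build_sample_pe(0x0100),  # NX_COMPAT only
    "stripped.exe": build_sample_pe(0x0140, coff_chars=0x0003),  # opted in, relocs stripped
    "notes.txt": b"plain text, not an image",
}

if __name__ == "__main__":
    print(modules_lacking_randomization(SAMPLE_PROCESS))
```

The result reflects only what the image header declares; a system-wide mandatory-ASLR policy can still relocate images that kept their relocations.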
20 Claims
1. A computer-implemented method for detecting gadgets on computing devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying, on the computing device, a process comprising a plurality of modules;
- identifying, within the process, each module that does not implement a security protocol that randomizes, each time the module executes, a memory location of at least one portion of data accessed by the module;
- copying each module that does not implement the security protocol to a section of memory dedicated to security analyses;
- determining, based on detecting at least one gadget-specific characteristic within at least one copied module, that the process comprises a gadget that is capable of being maliciously exploited; and
- performing a security action on the computing device to prevent the gadget from being maliciously exploited.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for detecting gadgets on computing devices, the system comprising:
- an identification module, stored in memory, that:
  - identifies, on a computing device, a process comprising a plurality of modules; and
  - identifies, within the process, each module that does not implement a security protocol that randomizes, each time the module executes, a memory location of at least one portion of data accessed by the module;
- a copying module, stored in memory, that copies each module that does not implement the security protocol to a section of memory dedicated to security analyses;
- a determination module, stored in memory, that determines, based on detecting at least one gadget-specific characteristic within at least one copied module, that the process comprises a gadget that is capable of being maliciously exploited;
- a security module, stored in memory, that performs a security action on the computing device to prevent the gadget from being maliciously exploited; and
- at least one physical processor configured to execute the identification module, the copying module, the determination module, and the security module.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify, on the computing device, a process comprising a plurality of modules;
- identify, within the process, each module that does not implement a security protocol that randomizes, each time the module executes, a memory location of at least one portion of data accessed by the module;
- copy each module that does not implement the security protocol to a section of memory dedicated to security analyses;
- determine, based on detecting at least one gadget-specific characteristic within at least one copied module, that the process comprises a gadget that is capable of being maliciously exploited; and
- perform a security action on the computing device to prevent the gadget from being maliciously exploited.
Dependent claims: 18, 19, 20
Specification