System and method for repairing vulnerabilities of devices connected to a data network

US 10,419,472 B2
Filed: 08/22/2018
Issued: 09/17/2019
Est. Priority Date: 03/18/2016
Status: Active Grant

First Claim

Patent Images

1. A method for repairing vulnerabilities of devices connected to a data network, the method comprising:

accessing, by a hardware processor, a device communicatively coupled to the data network;

accessing, by the hardware processor, a configuration of the device, the configuration containing settings of the device;

comparing, by the hardware processor, each of the settings of the accessed device with settings of devices with known vulnerabilities from a database of vulnerabilities to identify at least one vulnerability of the device that can be exploited;

retrieving by the hardware processor, from the database, the settings of the devices with known vulnerabilities that repair the identified vulnerability in the accessed device;

determining, by the hardware processor, a repair action for repairing the at least one vulnerability, the repair action comprising adjusting one or more settings of the device based on the retrieved settings; and

transmitting, by the hardware processor, instructions to the accessed device to perform the repair action, the instructions comprising updating a setting of the accessed device by crawling a web page of an administrative console of the accessed device to identify controlling elements in the web page for the setting, and modifying values of the controlling elements based on the instructions.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems and methods for repairing vulnerabilities of smart devices connected to a data network. An example method includes accessing, by a hardware processor, a smart device communicatively coupled to a data network, accessing a configuration of the smart device, the configuration containing settings of the smart device, comparing each of the settings of the smart device with settings of known vulnerabilities from a database of vulnerabilities to identify a network vulnerability of the smart device that can be exploited, retrieving one or more setting correcting the network vulnerability from the database, determining a repair action for repairing the at least one network vulnerability, the repair action comprising the one or more settings and transmitting, by the processor, instructions to the smart device to perform the repair action.

14 Citations

21 Claims

1. A method for repairing vulnerabilities of devices connected to a data network, the method comprising:
- accessing, by a hardware processor, a device communicatively coupled to the data network;
  
  accessing, by the hardware processor, a configuration of the device, the configuration containing settings of the device;
  
  comparing, by the hardware processor, each of the settings of the accessed device with settings of devices with known vulnerabilities from a database of vulnerabilities to identify at least one vulnerability of the device that can be exploited;
  
  retrieving by the hardware processor, from the database, the settings of the devices with known vulnerabilities that repair the identified vulnerability in the accessed device;
  
  determining, by the hardware processor, a repair action for repairing the at least one vulnerability, the repair action comprising adjusting one or more settings of the device based on the retrieved settings; and
  
  transmitting, by the hardware processor, instructions to the accessed device to perform the repair action, the instructions comprising updating a setting of the accessed device by crawling a web page of an administrative console of the accessed device to identify controlling elements in the web page for the setting, and modifying values of the controlling elements based on the instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - obtaining, by the hardware processor, available resources of the accessed device;
      
      comparing each of the available resources with rules stored in the database of vulnerabilities to determining resources with a status matching the accessed device; and
      
      obtaining the settings for the determined resource from a database of settings.
  - 3. The method of claim 2, wherein the device is accessed by transmitting a broadcast request to devices on the data network.
  - 4. The method of claim 3, wherein the transmitting of the broadcast request through the data network comprises transmitting the request to a router that redirects the request to a plurality of devices communicatively coupled to the data network via the router.
  - 5. The method of claim 2, wherein accessing the configuration comprises:
    - accessing, by the processor, an interface of the device by obtaining a web page associated with the configuration;
      
      parsing elements of the web page, wherein the web page contains the settings of the device; and
      
      using the interface to obtain the settings of the device.
  - 6. The method of claim 5, wherein the configuration is stored in a configuration file.
  - 7. The method of claim 6, wherein modifying the setting of the device comprises modifying the setting in the configuration file.

8. A system for repairing vulnerabilities of devices connected to a data network, comprising:
- a hardware processor configured to;
  
  access a device communicatively coupled to a data network;
  
  access a configuration of the device, the configuration containing settings of the device;
  
  compare each of the settings of the accessed device with settings of devices with known vulnerabilities from a database of vulnerabilities to identify a vulnerability of the device that can be exploited;
  
  retrieve, from the database, the settings of the devices with known vulnerabilities that repair the identified vulnerability in the accessed device;
  
  determine a repair action for repairing the at least one vulnerability, the repair action comprising adjusting one or more settings of the device based on the retrieved settings; and
  
  transmit instructions to the device to perform the repair action, the instructions comprising updating a setting of the accessed device by crawling a web page of an administrative console of the accessed device to identify controlling elements in the web page for the setting, and modifying values of the controlling elements based on the instructions.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the hardware processor is further configured to:
    - obtain available resources of the accessed device;
      
      compare each of the available resources with rules stored in the database of vulnerabilities to determining resources with a status matching the accessed device; and
      
      obtain the settings for the determined resource from a database of settings.
  - 10. The system of claim 9, wherein the device is accessed by transmitting a broadcast request to devices on the data network.
  - 11. The system of claim 10, wherein the transmitting of the broadcast request through the data network comprises transmitting the request to a router that redirects the request to a plurality of devices communicatively coupled to the data network via the router.
  - 12. The system of claim 9, wherein accessing the configuration comprises:
    - accessing an interface of the device by obtaining a web page associated with the configuration;
      
      parsing elements of the web page, wherein the web page contains the settings of the device; and
      
      using the interface to obtain the settings of the device.
  - 13. The system of claim 12, wherein the configuration is stored in a configuration file.
  - 14. The system of claim 13, wherein modifying the setting of the device comprises modifying the setting in the configuration file.

15. A non-transitory computer-readable medium storing instructions thereon for repairing vulnerabilities of devices connected to a data network, the instructions comprising:
- accessing a device communicatively coupled to a data network;
  
  accessing a configuration of the device, the configuration containing settings of the device;
  
  comparing each of the settings of the accessed device with settings of devices with known vulnerabilities from a database of vulnerabilities to identify at least one vulnerability of the device that can be exploited;
  
  retrieving, from the database, the settings of the devices with known vulnerabilities that repair the identified vulnerability in the accessed device;
  
  determining a repair action for repairing the at least one vulnerability, the repair action comprising adjusting one or more settings of the device based on the retrieved settings; and
  
  transmitting instructions to the device to perform the repair action, the instructions comprising updating a setting of the accessed device by crawling a web page of an administrative console of the accessed device to identify controlling elements in the web page for the setting, and modifying values of the controlling elements based on the instructions.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The medium of claim 15, further comprising:
    - obtaining available resources of the accessed device;
      
      comparing each of the available resources with rules stored in the database of vulnerabilities to determining resources with a status matching the accessed device; and
      
      obtaining the settings for the determined resource from a database of settings.
  - 17. The medium of claim 16, wherein the device is accessed by transmitting a broadcast request to devices on the data network.
  - 18. The medium of claim 17, wherein the transmitting of the broadcast request through the data network comprises transmitting the request to a router that redirects the request to a plurality of devices communicatively coupled to the data network via the router.
  - 19. The medium of claim 18, wherein accessing the configuration comprises:
    - accessing an interface of the device by obtaining a web page associated with the configuration;
      
      parsing elements of the web page, wherein the web page contains the settings of the device; and
      
      using the interface to obtain the settings of the device.
  - 20. The medium of claim 19, wherein the configuration is stored in a configuration file.
  - 21. The medium of claim 20, wherein modifying the setting of the device comprises modifying the setting in the configuration file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lab A.O. Kaspersky
Original Assignee
Lab A.O. Kaspersky
Inventors
Rusakov, Vyacheslav E., Janus, Marta Anna
Primary Examiner(s)
Mehrmanesh, Amir

Application Number

US16/108,254
Publication Number

US 20180359278A1
Time in Patent Office

391 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

H04L 41/0809   Plug-and-play configuration

H04L 63/1433   Vulnerability analysis

H04L 67/02   based on web technology, e....

H04L 67/06   specially adapted for file ...

H04L 67/12   specially adapted for propr...

H04W 12/12   Detection or prevention of ...

System and method for repairing vulnerabilities of devices connected to a data network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

14 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for repairing vulnerabilities of devices connected to a data network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links