SYSTEMS AND METHODS FOR AUTOMATED DETECTION OF APPLICATION VULNERABILITIES

US 20150242636A1
Filed: 02/24/2015
Published: 08/27/2015
Est. Priority Date: 02/25/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium embodying at least one program executable in a computing device, comprising:

code that obtains a plurality of mobile applications from a source entity;

code that identifies an entry point corresponding to a potential vulnerability in the mobile applications;

code that generates a simulated user input for an element of a user interface associated with the entry point based at least in part on an input type associated with the element of the user interface;

code that installs and initiates execution of each of the mobile applications in a plurality of emulated mobile computing devices;

code that provides the simulated user input to each of the mobile applications in response to determining that a state of each of the mobile applications corresponds to the entry point; and

code that determines that a communication interception obtained from a proxy corresponds to one of the mobile applications in response to obtaining the communication interception from the proxy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems and methods for performing automatic, large-scale analysis mobile applications to determine and analyze application vulnerability. The disclosed systems and methods include identifying potentially vulnerable applications, identifying the application entry points that lead to vulnerable behavior, and generating smart input for text fields. Thus, a fully automated framework is implemented to run in parallel on multiple emulators, while collecting vital information.

Citations

20 Claims

1. A non-transitory computer-readable medium embodying at least one program executable in a computing device, comprising:
- code that obtains a plurality of mobile applications from a source entity;
  
  code that identifies an entry point corresponding to a potential vulnerability in the mobile applications;
  
  code that generates a simulated user input for an element of a user interface associated with the entry point based at least in part on an input type associated with the element of the user interface;
  
  code that installs and initiates execution of each of the mobile applications in a plurality of emulated mobile computing devices;
  
  code that provides the simulated user input to each of the mobile applications in response to determining that a state of each of the mobile applications corresponds to the entry point; and
  
  code that determines that a communication interception obtained from a proxy corresponds to one of the mobile applications in response to obtaining the communication interception from the proxy.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The non-transitory computer-readable medium of claim 1, further comprising code that determines whether the entry point of the one of the mobile applications is vulnerable in response to analyzing the communication interception obtained from the proxy.
  - 3. The non-transitory computer-readable medium of claim 2, further comprising code that reports performance of the one of the mobile applications to the source entity in response to determining that the one of the mobile applications is vulnerable.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the code that identifies the one entry point corresponding to the potential vulnerability in the mobile applications further comprises code that disassembles each of the mobile applications to a human readable format.
  - 5. The non-transitory computer-readable medium of claim 1, further comprising code that generates a schedule for emulating the mobile computing devices, the schedule defining a timing for obtaining the emulated mobile computing devices to install and execute each of the mobile applications on a respective emulated mobile computing device, and wherein installing and executing each of the mobile applications in the emulated mobile computing devices is executed according to the schedule.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the proxy is configured to intercept and record network traffic data between the mobile applications executed by the emulated mobile computing devices and a target domain, and wherein the communication interception corresponds to a portion of the network traffic data associated with the potential vulnerability of the one of the mobile applications.
  - 7. The non-transitory computer-readable medium of claim 6, wherein the network traffic data comprises logging success data and logging failure data.

8. A system, comprising:
- at least one computing device; and
  
  an application vulnerability service executable in the at least one computing device, the application vulnerability service comprising;
  
  logic that identifies a plurality of mobile applications that are associated with a potential vulnerability;
  
  logic that installs and initiates execution of the mobile applications in a plurality of emulated mobile computing devices;
  
  logic that provides a simulated user input for an element of a user interface associated with an entry point for each of the mobile applications, the simulated user input configured to test the potential vulnerability of each of the mobile applications; and
  
  logic that determines whether at least one of the mobile applications is vulnerable in response to analyzing network traffic data associated with the entry point and the mobile applications.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the logic that identifies the mobile applications that are associated with the potential vulnerability further comprises:
    - logic that disassembles each of the mobiles applications to a human readable format; and
      
      logic that determines whether each of the mobile applications use a modified implementation of a pre-defined security protocol.
  - 10. The system of claim 8, further comprising logic that manages the installation and execution of each of the mobile applications on the emulated mobile computing devices according to a schedule.
  - 11. The system of claim 8, further comprising logic that records a state change that occurred during execution of at least one of the mobile applications in response to determining that the state change occurred during execution of the at least one of the mobile applications.
  - 12. The system of claim 8, wherein the network traffic data comprises logging success data associated with each of the mobile applications, wherein the logging success data corresponds to at least one successful access to a target domain using the simulated user input provided via the element of the user interface.
  - 13. The system of claim 12, wherein the logic that determines whether the at least one of the mobile applications is vulnerable in response to analyzing the network traffic data further comprises logic that determines that the at least one of the mobile applications improperly granted the at least one successful access to the target domain.

14. A method comprising:
- identifying, by at least one computing device, a plurality of applications that are associated with a potential vulnerability;
  
  installing and initiating execution of the applications, by the at least one computing device, in a plurality of emulated mobile computing devices;
  
  providing, by the at least one computing device, a simulated user input for an element of a user interface associated with an entry point for each of the applications; and
  
  logic that determines whether at least one of the applications is vulnerable in response to processing network traffic data associated with the entry point of each of the applications.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein the network traffic data is obtained from a proxy that intercepts communication from the applications, and the network traffic data comprises logging success data, logging failure data, a plurality of time periods associated with each of the applications executed by the emulated computing devices, and a server each of the applications are communicating with.
  - 16. The method of claim 14, wherein the potential vulnerability is a man-in-the-middle attack.
  - 17. The method of claim 14, further comprising determining, by the at least one computing device, whether each of the applications uses a modified implementation of a pre-defined security protocol, wherein the pre-defined security protocol comprises at least one of a secure sockets layer or a transport layer security.
  - 18. The method of claim 14, further comprising:
    - determining, by the at least one computing device, whether a time block in the network traffic data corresponds to a time period that one of the applications was executing;
      
      determining, by the at least one computing device, whether a domain associated with the time block in the network traffic data corresponds to the domain associated with the time period during which the one of the applications was running; and
      
      recording, by the at least one computing device, the potential vulnerability of the one of the applications as a confirmed vulnerability in a data store.
  - 19. The method of claim 18, further comprising reporting, by the at least one computing device, the confirmed vulnerability of the one of the applications to a source entity.
  - 20. The method of claim 14, further comprising storing, by the at least one computing device, the applications in respective storage buckets in response to identifying whether each of the applications are potentially vulnerable and confirmed as being vulnerable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Board of Regents of the University of Texas System (University of Texas System)
Original Assignee
Board of Regents of the University of Texas System (University of Texas System)
Inventors
Lin, Zhiqiang, Khan, Latifur, Thuraisingham, Bhavani, Sahs, Justin, Sounthiraraj, David, Greenwood, Garrett

Granted Patent

US 9,977,904 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/033   Test or assess software

H04L 63/1433   Vulnerability analysis

H04W 88/02   Terminal devices

SYSTEMS AND METHODS FOR AUTOMATED DETECTION OF APPLICATION VULNERABILITIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR AUTOMATED DETECTION OF APPLICATION VULNERABILITIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links