DETECTION OF PILEUP VULNERABILITIES IN MOBILE OPERATING SYSTEMS

US 20160044049A1
Filed: 08/11/2014
Published: 02/11/2016
Est. Priority Date: 08/11/2014
Status: Active Grant

First Claim

Patent Images

1. A system for detecting pileup vulnerabilities corresponding to mobile operating system updates, the system comprising:

an exploit opportunity analyzer, configured to identify pileup exploit opportunities corresponding to a plurality of mobile operating system configurations based on mobile operating system upgrades for each of the plurality of mobile operating system configurations, wherein the identification of exploit opportunities is based on information relating to pileup flaws;

a risk database, configured to store information regarding the identified pileup exploit opportunities for a plurality of versions of each of the plurality of mobile operating system configurations; and

a scanner application, configured to be executed by a mobile device, configured to query identified exploit opportunities relating to a particular mobile operating system configuration and version, and to evaluate third-party applications installed at the mobile device based on the identified exploit opportunities.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided for detecting pileup vulnerabilities corresponding to mobile operating system updates. The system includes: an exploit opportunity analyzer, configured to identify pileup exploit opportunities corresponding to a plurality of mobile operating system configurations based on mobile operating system upgrades for each of the plurality of mobile operating system configurations, wherein the identification of exploit opportunities is based on information relating to pileup flaws; a risk database, configured to store information regarding the identified pileup exploit opportunities for a plurality of versions of each of the plurality of mobile operating system configurations; and a scanner application, configured to be executed by a mobile device, configured to query identified exploit opportunities relating to a particular mobile operating system configuration and version, and to evaluate third-party applications installed at the mobile device based on the identified exploit opportunities.

16 Citations

20 Claims

1. A system for detecting pileup vulnerabilities corresponding to mobile operating system updates, the system comprising:
- an exploit opportunity analyzer, configured to identify pileup exploit opportunities corresponding to a plurality of mobile operating system configurations based on mobile operating system upgrades for each of the plurality of mobile operating system configurations, wherein the identification of exploit opportunities is based on information relating to pileup flaws;
  
  a risk database, configured to store information regarding the identified pileup exploit opportunities for a plurality of versions of each of the plurality of mobile operating system configurations; and
  
  a scanner application, configured to be executed by a mobile device, configured to query identified exploit opportunities relating to a particular mobile operating system configuration and version, and to evaluate third-party applications installed at the mobile device based on the identified exploit opportunities.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system according to claim 1, wherein the pileup flaws include permission harvesting flaws corresponding to a malicious app being able to gain a permission to be defined in a mobile operating system update without receiving proper authorization for gaining the permission.
  - 3. The system according to claim 1, wherein the pileup flaws include permission preempting flaws corresponding to a malicious app being able to preemptively define a new permission that corresponds to a permission to be defined in a mobile operating system update.
  - 4. The system according to claim 1, wherein the pileup flaws include shared user ID (UID) grabbing flaws corresponding to a malicious app being able to declare a shared UID corresponding to a shared UID of an application to be added by a mobile operating system update so as to block installation of the application to be added.
  - 5. The system according to claim 1, wherein the pileup flaws include data contamination flaws corresponding to a malicious app being able to contaminate data for an application to be added by a mobile operating system update via the mobile operating system update process.
  - 6. The system according to claim 1, wherein the pileup flaws include denial of services flaws corresponding to a malicious app being able to define a permission tree so as to deny access to resources associated with a permission to be defined by a mobile operating system update that falls within the permission tree defined by the malicious app.
  - 7. The system according to claim 1, further comprising:
    - a vulnerability detector, configured to analyze mobile operating system update logic used by particular mobile operating system configurations to identify pileup flaws associated with each particular mobile operating system configuration; and
      
      wherein the risk database is further configured to store the information relating to the pileup flaws and the exploit opportunity analyzer is further configured to obtain the stored information relating to the pileup flaws from the risk database.
  - 8. The system according to claim 1, wherein the exploit opportunity analyzer is further configured to receive mobile operating system images corresponding to different versions for a mobile operating system configuration and analyze pileup exploit opportunities based on the pileup flaws and based on differences between the difference versions of the mobile operating system configuration.
  - 9. The system according to claim 8, wherein the risk database is further configured to store information relating to the pileup flaws and the exploit opportunity analyzer is further configured to obtain the stored information relating to the pileup flaws for the mobile operating system configuration from the risk database, and wherein the analysis of pileup exploit opportunities is further based on the obtained information relating to the pileup flaws for the mobile operating system configuration.
  - 10. The system according to claim 1, wherein the scanner application is further configured to remove a third-party application based on a result of the scanner application'"'"'s evaluation of the third-party application.

11. A method for identifying pileup exploit opportunities associated with a plurality of mobile operating system configurations, the method comprising:
- receiving, by a computing device, a plurality of mobile operating system images corresponding to the plurality of mobile operating system configurations and multiple versions of the plurality of mobile operating system configurations;
  
  identifying, by the computing device, items susceptible to pileup flaws in each of a plurality of the multiple versions of the plurality of mobile operating system configurations; and
  
  causing, by the computing device, identifications of the items susceptible to pileup flaws to be stored in a risk database as identified exploit opportunities.
- View Dependent Claims (12, 13, 14)
- - 12. The method according to claim 11, wherein the pileup flaws include:
    - permission harvesting flaws corresponding to a malicious app being able to gain a permission to be defined in a mobile operating system update without receiving proper authorization for gaining the permission;
      
      permission preempting flaws corresponding to a malicious app being able to preemptively define a new permission that corresponds to a permission to be defined in a mobile operating system update;
      
      shared user ID (UID) grabbing flaws corresponding to a malicious app being able to declare a shared UID corresponding to a shared UID of an application to be added by a mobile operating system update so as to block installation of the application to be added;
      
      data contamination flaws corresponding to a malicious app being able to contaminate data for an application to be added by a mobile operating system update via the mobile operating system update process; and
      
      denial of services flaws corresponding to a malicious app being able to define a permission tree so as to deny access to resources associated with a permission to be defined by a mobile operating system update that falls within the permission tree defined by the malicious app.
  - 13. The method according to claim 11, further comprising:
    - receiving, from the risk database, information relating to pileup flaws corresponding to each of the plurality of mobile operating system configuration.
  - 14. The method according to claim 13, wherein identifying items susceptible to pileup flaws in each of a plurality of the multiple versions of the plurality of mobile operating system configurations is based on the received information relating to pileup flaws.

15. A non-transitory processor-readable medium having processor-executable instructions stored thereon for scanning for pileup vulnerabilities on a mobile device, the processor-executable instructions, when executed by a processor of the mobile device in accordance with a scanning application, facilitating the performance of the following steps:
- querying a remote risk database for pileup exploit opportunities corresponding to a current version of a mobile operating system installed on the mobile device;
  
  receiving identifications of pileup exploit opportunities corresponding to the current version of the mobile operating system;
  
  scanning non-system applications installed on the mobile device to detect potentially malicious applications configured to take advantage of the pileup exploit opportunities corresponding to the current version of the mobile operating system; and
  
  responding to detected potentially malicious applications by notifying a user of the mobile device of the detected potentially malicious applications or by removing the potentially malicious applications from the mobile device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory processor-readable medium according to claim 15, wherein the identifications of pileup exploit opportunities include pileup exploit opportunities associated with permission harvesting flaws corresponding to a malicious app being able to gain a permission to be defined in a mobile operating system update without receiving proper authorization for gaining the permission.
  - 17. The non-transitory processor-readable medium according to claim 15, wherein the identifications of pileup exploit opportunities include pileup exploit opportunities associated with permission preempting flaws corresponding to a malicious app being able to preemptively define a new permission that corresponds to a permission to be defined in a mobile operating system update.
  - 18. The non-transitory processor-readable medium according to claim 15, wherein the identifications of pileup exploit opportunities include pileup exploit opportunities associated with shared user ID (UID) grabbing flaws corresponding to a malicious app being able to declare a shared UID corresponding to a shared UID of an application to be added by a mobile operating system update so as to block installation of the application to be added.
  - 19. The non-transitory processor-readable medium according to claim 15, wherein the identifications of pileup exploit opportunities include pileup exploit opportunities associated with data contamination flaws corresponding to a malicious app being able to contaminate data for an application to be added by a mobile operating system update via the mobile operating system update process.
  - 20. The non-transitory processor-readable medium according to claim 15, wherein the identifications of pileup exploit opportunities include pileup exploit opportunities associated with denial of services flaws corresponding to a malicious app being able to define a permission tree so as to deny access to resources associated with a permission to be defined by a mobile operating system update that falls within the permission tree defined by the malicious app.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Indiana University Research & Technology Corporation (Indiana University)
Original Assignee
Indiana University Research & Technology Corporation (Indiana University)
Inventors
XING, Luyi, WANG, XiaoFeng

Granted Patent

US 9,386,027 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

H04L 63/14   for detecting or protecting...

H04L 63/1433   Vulnerability analysis

H04W 12/128   Anti-malware arrangements, ...

DETECTION OF PILEUP VULNERABILITIES IN MOBILE OPERATING SYSTEMS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

DETECTION OF PILEUP VULNERABILITIES IN MOBILE OPERATING SYSTEMS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links