Systems and methods for protecting computing devices from imposter accessibility services

US 9,690,934 B1
Filed: 08/27/2015
Issued: 06/27/2017
Est. Priority Date: 08/27/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for protecting computing devices from imposter accessibility services, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

registering a security application with the computing device as an accessibility service that has special permissions on the computing device that are not available to other applications;

ensuring that the security application is the first registered accessibility service on the computing device;

performing, by the security application, a security action after ensuring that the security application is the first registered accessibility service.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed computer-implemented method for protecting computing devices from imposter accessibility services may include (1) registering a security application with the computing device as an accessibility service that has special permissions on the computing device that are not available to other applications, (2) ensuring that the security application is the first registered accessibility service on the computing device, and (3) performing, by the security application, a security action after ensuring that the security application is the first registered accessibility service. Various other methods, systems, and computer-readable media are also disclosed.

26 Citations

View as Search Results

20 Claims

1. A computer-implemented method for protecting computing devices from imposter accessibility services, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- registering a security application with the computing device as an accessibility service that has special permissions on the computing device that are not available to other applications;
  
  ensuring that the security application is the first registered accessibility service on the computing device;
  
  performing, by the security application, a security action after ensuring that the security application is the first registered accessibility service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein ensuring that the security application is the first registered accessibility service comprises:
    - triggering an event on the computing device that will be intercepted by the first registered accessibility service for the computing device;
      
      determining, based on the security application not intercepting the event, that the security application is not the first registered accessibility service for the computing device;
      
      performing a remedial action in response to determining that the security application is not the first registered accessibility service for the computing device.
  - 3. The computer-implemented method of claim 2, wherein performing the remedial action comprises prompting a user to configure the computing device such that the security application is the first registered accessibility services.
  - 4. The computer-implemented method of claim 1, wherein performing the security action comprises blocking a malware application from registering itself as the first registered accessibility service due to having the security application already registered as the first registered accessibility service.
  - 5. The computer-implemented method of claim 1, wherein the security action comprises:
    - querying the computing device for a list of registered accessibility services;
      
      querying a reputation database for a reputation for each accessibility service in the list of registered accessibility services.
  - 6. The computer-implemented method of claim 5, further comprising notifying the user of a negative reputation of a registered accessibility service in response to receiving a reply from the reputation database indicating that the registered accessibility service has a negative reputation.
  - 7. The computer-implemented method of claim 5, further comprising prompting the user to provide a reputation rating for a registered accessibility service in response to receiving a reply from the reputation database indicating that the registered accessibility services has not yet been assigned a reputation score.
  - 8. The computer-implemented method of claim 1, wherein the computing device comprises a mobile device.
  - 9. The computer-implemented method of claim 1, wherein the security action comprises:
    - determining that a user is viewing a downloadable application;
      
      determining that the downloadable application will attempt to register as an accessibility service once downloaded to the computing device;
      
      adjusting a reputation score of the downloadable application based on determining that the downloadable application will attempt to register as an accessibility service.

10. A system including memory for protecting computing devices from imposter accessibility services, the system comprising:
- a registration module, stored in the memory, that registers a security application with the computing device as an accessibility service that has special permissions on the computing device that are not available to other applications;
  
  an ensuring module, stored in the memory, that ensures that the security application is the first registered accessibility service on the computing device;
  
  a security module, stored in the memory, that performs, by the security application, a security action after ensuring that the security application is the first registered accessibility service;
  
  at least one physical processor configured to execute the registration module, the ensuring module, and the security module.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the ensuring module ensures that the security application is the first registered accessibility service by:
    - triggering an event on the computing device that will be intercepted by the first registered accessibility service for the computing device;
      
      determining, based on the security application not intercepting the event, that the security application is not the first registered accessibility service for the computing device;
      
      performing a remedial action in response to determining that the security application is not the first registered accessibility service for the computing device.
  - 12. The system of claim 11, wherein the ensuring module performs the remedial action by prompting a user to configure the computing device such that the security application is the first registered accessibility services.
  - 13. The system of claim 10, wherein the security module performs the security action by blocking a malware application from registering itself as the first registered accessibility service due to having the security application already registered as the first registered accessibility service.
  - 14. The system of claim 10, wherein the security action comprises:
    - querying the computing device for a list of registered accessibility service;
      
      querying a reputation database for a reputation for each accessibility service in the list of registered accessibility services.
  - 15. The system of claim 14, wherein the security module notifies the user of a negative reputation of a registered accessibility service in response to receiving a reply from the reputation database indicating that the registered accessibility service has a negative reputation.
  - 16. The system of claim 14, wherein the security module prompts the user to provide a reputation rating for a registered accessibility service in response to receiving a reply from the reputation database indicating that the registered accessibility services has not yet been assigned a reputation score.
  - 17. The system of claim 10, wherein the computing device comprises a mobile device.
  - 18. The system of claim 10, wherein the security action comprises:
    - determining that a user is viewing a downloadable application;
      
      determining that the downloadable application will attempt to register as an accessibility service once downloaded to the computing device;
      
      adjusting a reputation score of the downloadable application based on determining that the downloadable application will attempt to register as an accessibility service.

19. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- register a security application with the computing device as an accessibility service that has special permissions on the computing device that are not available to other applications;
  
  ensure that the security application is the first registered accessibility service on the computing device;
  
  perform, by the security application, a security action after ensuring that the security application is the first registered accessibility service.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable medium of claim 19, wherein the one or more computer-readable instructions cause the computing device to ensure that the security application is the first registered accessibility service by:
    - triggering an event on the computing device that will be intercepted by the first registered accessibility service for the computing device;
      
      determining, based on the security application not intercepting the event, that the security application is not the first registered accessibility service for the computing device;
      
      performing a remedial action in response to determining that the security application is not the first registered accessibility service for the computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Gen Digital Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Sundaram, Ramakrishnan Meenakshi
Primary Examiner(s)
Zecher, Dede
Assistant Examiner(s)
Lakhia, Viral

Application Number

US14/837,383
Time in Patent Office

670 Days
Field of Search

726 1- 4, 726 23- 26, 455401, 713153-155
US Class Current
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/6227   where protection concerns t...

G06F 2221/033   Test or assess software

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2153   Using hardware token as a s...

H04L 63/145   the attack involving the pr...

Systems and methods for protecting computing devices from imposter accessibility services

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for protecting computing devices from imposter accessibility services

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links