U.S. patent application number 13/904547, for a system and method for detecting, alerting and blocking data leakage, eavesdropping and spyware, was filed with the patent office on 2013-05-29 and published on 2014-05-22 as publication number 20140143864.
This patent application is currently assigned to SNOOPWALL LLC. The applicant listed for this patent is GARY S. MILIEFSKY. Invention is credited to GARY S. MILIEFSKY.
United States Patent Application 20140143864
Kind Code: A1
Inventor: MILIEFSKY; GARY S.
Publication Date: May 22, 2014
Application Number: 13/904547
Family ID: 50729261
Filed: May 29, 2013
SYSTEM AND METHOD FOR DETECTING, ALERTING AND BLOCKING DATA
LEAKAGE, EAVESDROPPING AND SPYWARE
Abstract
A computer implemented method for detecting, alerting and
blocking data leakage, eavesdropping and spyware in one or more
networked computing devices includes providing a graphical user
interface (GUI) and displaying all available hardware device
interfaces in each networked computing device. Next, providing a
turn-on switch and a turn-off switch for each displayed hardware
device interface in each networked computing device. Next,
providing a turn-all-on switch and a turn-all-off switch for all
displayed hardware device interfaces in each networked computing
device. Next, monitoring status of each available hardware device
interface and data traffic across each available hardware device
interface. Upon detecting an unauthorized change of status of a
specific hardware device interface or unauthorized data traffic
across a specific hardware device interface providing a warning
signal, turning off the specific hardware device interface by
activating the turn-off switch for the specific hardware device
interface or the turn-all-off switch.
Inventors: MILIEFSKY; GARY S. (Nashua, NH)
Applicant: MILIEFSKY; GARY S., Nashua, NH, US
Assignee: SNOOPWALL LLC, Las Vegas, NV
Family ID: 50729261
Appl. No.: 13/904547
Filed: May 29, 2013
Related U.S. Patent Documents: Provisional Application No. 61729202, filed Nov 21, 2012
Current U.S. Class: 726/22
Current CPC Class: H04L 63/20 20130101; H04L 43/0817 20130101; H04L 63/1475 20130101; H04L 63/1416 20130101
Class at Publication: 726/22
International Class: H04L 29/06 20060101 H04L029/06
Claims
1. A computer implemented method for detecting, alerting and
blocking data leakage, eavesdropping and spyware in one or more
networked computing devices comprising: providing a graphical user
interface (GUI) and displaying all available hardware device
interfaces in each networked computing device; providing a turn-on
switch and a turn-off switch for each displayed hardware device
interface in each networked computing device; providing a
turn-all-on switch and a turn-all-off switch for all displayed
hardware device interfaces in each networked computing device;
monitoring status of each available hardware device interface and
data traffic across each available hardware device interface; upon
detecting an unauthorized change of status of a specific hardware
device interface or unauthorized data traffic across a specific
hardware device interface providing a warning signal; and turning
off the specific hardware device interface by activating the
turn-off switch for the specific hardware device interface or the
turn-all-off switch.
2. The method of claim 1, further comprising upon resolving the
unauthorized change of status or unauthorized data traffic across
the specific hardware device interface, turning on the specific
hardware device interface by activating the turn-on switch for the
specific hardware device interface or the turn-all-on switch.
3. The method of claim 1, wherein activation of the turn-on,
turn-off, turn-all-on, turn-all-off switches is initiated locally
by a user of the networked computing device.
4. The method of claim 1, wherein activation of the turn-on,
turn-off, turn-all-on, turn-all-off switches is initiated remotely
by an administrator of the networked computing device.
5. The method of claim 1, wherein said networked computing device
comprises a central processing unit (CPU), a security application,
and a display, wherein the security application provides computer
implemented operations and instructions that monitor, detect and
block data leakage, eavesdropping and spyware across all available
hardware device interfaces in each of the networked computing
devices; wherein the CPU executes the computer implemented
instruction provided by the security application, and wherein the
display displays the GUI.
6. The method of claim 1, further comprising providing a first
table comprising a list of applications and authorized status of
each available hardware device interface for each application and
storing said first table in a database.
7. The method of claim 6, further comprising providing a second
table comprising a list of known malicious applications and storing
said second table in said database.
8. The method of claim 1 further comprising providing a server
configured to access the one or more networked computing devices
via a network connection and wherein said server comprises a
command center, a dashboard, a toolbar, a taskbar, a standalone GUI
and an application programmers interface (API), and wherein said
command center is configured to manage remotely security
applications in the one or more networked computing devices.
9. The method of claim 8, further comprising creating rules and
policies and installing them in the security applications of the
one or more networked computing devices and the server via the
command center.
10. The method of claim 8, further comprising summarizing and
presenting in the dashboard real-time events occurring in the one
or more networked computing devices and the server.
11. The method of claim 8, further comprising displaying the status
of all available hardware device interfaces in the toolbar for the
one or more networked computing devices and the server.
12. The method of claim 8, wherein communications between the
server and the one or more networked computing devices comprise
secure communications protocols.
13. The method of claim 12, wherein said secure communication
protocols comprise one of secure sockets layer (SSL) or transport
layer security (TLS).
14. The method of claim 8, wherein the server further comprises a
real-time kernel driver and a rootkit "system" healer, and wherein
the real-time kernel driver constantly monitors the status of all
controlling interfaces and settings and, in the event a hacker or
malicious code tampers with the security applications, the rootkit
"system" healer restores the security applications.
15. The method of claim 1, wherein the available hardware device
interfaces comprise one or more of keyboard, mouse, touchscreen,
webcam, USB hardware device interface, microphone, Flash memory,
Infrared, Bluetooth, Ethernet, Wireless, LAN, WAN, VPN, text
messaging interfaces, telephone interfaces, modem, cellular, GPS
interfaces, gesture based interfaces or eye-motion based
interfaces.
16. The method of claim 1, wherein the turn-on, turn-off,
turn-all-on, turn-all-off switches comprise slidably activated
switches.
17. The method of claim 1, wherein the turn-on, turn-off,
turn-all-on, turn-all-off switches comprise pressure activated
switches.
18. The method of claim 1, wherein the networked computing devices
comprise one of personal computers, servers, desktops, laptops,
mobile phones, iPhones.TM., iPads.TM., iTouches.TM., Droids.TM.,
Blackberry.TM. devices, Windows.TM. phone, Android.TM. phones,
personal digital assistants (PDAs), or tablet devices.
19. The method of claim 1, wherein the warning signal comprises a
visual warning signal or an acoustical warning signal.
20. The method of claim 19, wherein the visual warning signal
comprises flashing of the specific hardware device interface image
in the GUI.
21. The method of claim 1, further comprising, prior to installing
a new application in any of the one or more networked computing
devices, sending a message comprising the hardware device
interfaces to which the new application requests access and asking
for installation permission and which hardware device interfaces
should be blocked.
22. A system for detecting, alerting and blocking data leakage,
eavesdropping and spyware in one or more networked computing
devices comprising: a graphical user interface (GUI) displaying all
available hardware device interfaces in each networked computing
device; a turn-on switch and a turn-off switch for each displayed
hardware device interface in each networked computing device; a
turn-all-on switch and a turn-all-off switch for all displayed
hardware device interfaces in each networked computing device; a
security application configured to monitor status of each available
hardware device interface and data traffic across each available
hardware device interface, and upon detecting an unauthorized
change of status of a specific hardware device interface or
unauthorized data traffic across a specific hardware device
interface providing a warning signal and turning off the specific
hardware device interface by activating the turn-off switch for the
specific hardware device interface or the turn-all-off switch.
23. A computer program product for detecting, alerting and blocking
data leakage, eavesdropping and spyware in one or more networked
computing devices, wherein said computer program product is stored
on a computer readable medium and comprises: computer code for
providing a graphical user interface (GUI) and displaying all
available hardware device interfaces in each networked computing
device; computer code for providing a turn-on switch and a turn-off
switch for each displayed hardware device interface in each
networked computing device; computer code for providing a
turn-all-on switch and a turn-all-off switch for all displayed
hardware device interfaces in each networked computing device;
computer code for monitoring status of each available hardware
device interface and data traffic across each available hardware
device interface; computer code for providing a warning signal,
upon detecting an unauthorized change of status of a specific
hardware device interface or unauthorized data traffic across a
specific hardware device interface; and computer code for turning
off the specific hardware device interface by activating the
turn-off switch for the specific hardware device interface or the
turn-all-off switch.
Description
CROSS REFERENCE TO RELATED CO-PENDING APPLICATIONS
[0001] This application is a non-provisional application of and
claims the benefit of U.S. provisional application Ser. No.
61/729,202 filed on Nov. 21, 2012 and entitled "System and methods
for data leakage, eavesdropping and spyware detection, alerting and
blocking" which is commonly assigned and the contents of which are
expressly incorporated herein by reference.
FIELD OF THE INVENTION
[0002] The present invention relates to a system and method for
detecting, alerting and blocking data leakage, eavesdropping and
spyware in networked computing devices.
BACKGROUND OF THE INVENTION
[0003] Networked computing devices are at high risk of attack by
malicious code that gains remote access, eavesdrops and spies on
the user. In particular, Windows.TM. computing devices, iPhone.TM.,
Android.TM. and Windows.TM. Phone are high-risk environments for
being spied upon without the end-user's knowledge. Many links
returned by search engines such as BING.TM. and GOOGLE.TM. lead to
drive-by malware that enables remote espionage and provides access
to sensitive information stored on the networked computing devices.
This unauthorized access to sensitive information provides an
increased opportunity for cyber-crime. Currently available
anti-virus, anti-malware and anti-spyware applications focus on
detecting malware based on known signatures or behavior. However,
new types of malware are being developed constantly, and the
currently available firewall, intrusion detection, intrusion
prevention, anti-virus, anti-malware and anti-spyware applications
cannot detect, prevent or react to most of the new types of
malware.
[0004] In particular, none of the currently available security
utilities can answer these questions: Which ports or device
interfaces are open? Is the wireless port enabled? Is it connected
to a network? Is the Bluetooth or Infrared Interface enabled? Is
the webcam on? Is the universal serial bus (USB) port enabled? Is
the microphone on? Some of the currently available security
applications come with keylogger detection utilities. However,
there are no guarantees that these applications will also stop
keyboard eavesdropping. Most users want SKYPE.TM. and Microsoft
instant messaging (IM) on in order to be able to communicate and
therefore numerous communication ports remain open. Malware may use
these open ports to phone home to callback uniform resource
locators (URLs). Spyware may use these open ports to send
eavesdropping information to those who are maliciously
eavesdropping, unbeknownst to the victim or the plethora of
security utilities.
[0005] Accordingly, there is a need for improved systems and
methods for detecting, alerting and blocking data leakage,
eavesdropping and spyware in networked computing devices.
SUMMARY OF THE INVENTION
[0006] This present invention provides a system and method for
detecting, alerting and blocking data leakage, eavesdropping and
spyware in networked computing devices.
[0007] In general, in one aspect the invention provides a
computer-implemented method for detecting, alerting and blocking
data leakage, eavesdropping and spyware in one or more networked
computing devices. The method includes providing a graphical user
interface (GUI) and displaying all available hardware device
interfaces in each networked computing device. Next, providing a
turn-on switch and a turn-off switch for each displayed hardware
device interface in each networked computing device. Next,
providing a turn-all-on switch and a turn-all-off switch for all
displayed hardware device interfaces in each networked computing
device. Next, monitoring status of each available hardware device
interface and data traffic across each available hardware device
interface. Upon detecting an unauthorized change of status of a
specific hardware device interface or unauthorized data traffic
across a specific hardware device interface providing a warning
signal, turning off the specific hardware device interface by
activating the turn-off switch for the specific hardware device
interface or the turn-all-off switch.
[0008] Implementations of this aspect of the invention may include
one or more of the following features. Upon resolving the
unauthorized change of status of the specific hardware device
interface or unauthorized data traffic across the specific hardware
device interface, turning on the specific hardware device interface
by activating the turn-on switch for the specific hardware device
interface or the turn-all-on switch. Activation of the turn-on,
turn-off, turn-all-on, turn-all-off switches is initiated locally
by a user of the networked computing device, or remotely by an
administrator of the networked computing device. The networked
computing device includes a central processing unit (CPU), a
security application, and a display. The security application
provides computer implemented operations and instructions that
monitor, detect and block data leakage, eavesdropping and spyware
across all available hardware device interfaces in each of the
networked computing devices. The CPU executes the computer
implemented instruction provided by the security application, and
the display displays the GUI. The method further includes providing
a first table comprising a list of applications and authorized
status of each available hardware device interface for each
application and storing the first table in a database. The method
further includes providing a second table comprising a list of
known malicious applications and storing the second table in the
database. The method further includes providing a server configured
to access the one or more networked computing devices via a network
connection. The server comprises a command center, a dashboard, a
toolbar, a taskbar, a standalone GUI and an application
programmer's interface (API). The command center is configured to
manage remotely security applications in the one or more networked
computing devices. The method further includes creating rules and
policies and installing them in the security applications of the
one or more networked computing devices and the server via the
command center. The method further includes summarizing and
presenting in the dashboard real-time events occurring in the one
or more networked computing devices and the server. The method
further includes displaying the status of all available hardware
device interfaces in the toolbar for the one or more networked
computing devices and the server. Communications between the server
and the one or more networked computing devices comprise secure
communications protocols. The secure communication protocols
comprise one of secure sockets layer (SSL) or transport layer
security (TLS). The server further comprises a real-time kernel
driver and a rootkit "system" healer. The real-time kernel driver
constantly monitors the status of all controlling interfaces and
settings and, in the event a hacker or malicious code tampers with
the security applications, the rootkit "system" healer restores the
security applications. The available hardware device interfaces may
be a keyboard, mouse, touchscreen, webcam, USB hardware device
interface, microphone, Flash memory, Infrared, Bluetooth, Ethernet,
Wireless, LAN, WAN, VPN, text messaging interfaces, telephone
interfaces, modem, cellular, GPS interfaces, gesture based
interfaces or eye-motion based interfaces. The turn-on, turn-off,
turn-all-on, turn-all-off switches comprise slidably activated
switches, or comprise pressure-activated switches. The networked
computing devices may be personal computers, servers, desktops,
laptops, mobile phones, iPhones.TM., iPads.TM., iTouches.TM.,
Droids.TM., Blackberry.TM. devices, Windows.TM. phone, Android.TM.
phones, personal digital assistants (PDAs), or tablet devices. The
warning signal may be a visual warning signal or an acoustical
warning signal. The visual warning signal comprises flashing of the
specific hardware device interface image in the GUI. The method
further includes, prior to installing a new application in any of
the one or more networked computing devices, sending a message
comprising the hardware device interfaces to which the new
application requests access and asking for installation permission
and which hardware device interfaces should be blocked.
[0009] In general, in another aspect, the invention features a
system for detecting, alerting and blocking data leakage,
eavesdropping and spyware in one or more networked computing
devices including a graphical user interface (GUI) displaying all
available hardware device interfaces in each networked computing
device, a turn-on switch and a turn-off switch for each displayed
hardware device interface in each networked computing device, a
turn-all-on switch and a turn-all-off switch for all displayed
hardware device interfaces in each networked computing device, and
a security application. The security application is configured to
monitor status of each available hardware device interface and data
traffic across each available hardware device interface, and upon
detecting an unauthorized change of status of a specific hardware
device interface or unauthorized data traffic across a specific
hardware device interface providing a warning signal and turning
off the specific hardware device interface by activating the
turn-off switch for the specific hardware device interface or the
turn-all-off switch.
[0010] In general, in another aspect, the invention features a
computer program product for detecting, alerting and blocking data
leakage, eavesdropping and spyware in one or more networked
computing devices. The computer program product is stored on a
computer readable medium and includes computer code for providing a
graphical user interface (GUI) and displaying all available
hardware device interfaces in each networked computing device,
computer code for providing a turn-on switch and a turn-off switch
for each displayed hardware device interface in each networked
computing device, computer code for providing a turn-all-on switch
and a turn-all-off switch for all displayed hardware device
interfaces in each networked computing device, computer code for
monitoring status of each available hardware device interface and
data traffic across each available hardware device interface,
computer code for providing a warning signal, upon detecting an
unauthorized change of status of a specific hardware device
interface or unauthorized data traffic across a specific hardware
device interface and computer code for turning off the specific
hardware device interface by activating the turn-off switch for the
specific hardware device interface or the turn-all-off switch.
[0011] Among the advantages of this invention may be one or more of
the following. The present invention broadly monitors and protects
all the high-risk hardware device ports and interfaces that are
accessible by both the end-user and software applications,
including modern malware.
[0012] The Snoopwall technology of the present invention
complements prior art security applications, which usually monitor
network traffic across network traffic ports. Network traffic ports
may be opened for allowing Internet communications. In one example,
port 80 is opened for allowing World Wide Web communications via
the hypertext transfer protocol (HTTP). In another example, port 21
is opened for allowing file transfers via the file transfer
protocol (FTP). Prior art security applications focus on monitoring
these network traffic ports for malicious traffic and review
packets of data traveling over these network traffic ports. The
Snoopwall technology of the present invention does not need to
eavesdrop on any network traffic packets or data as it is designed
to monitor access to the actual Ethernet hardware device ports and
to alert end-users about any new attempted access to these hardware
device ports. The Snoopwall technology of the present invention
does not need any information or frequent updates about the types
of traffic that may flow across the many (up to 65535) network
traffic ports using many different protocols. Therefore, the
Snoopwall technology of the present invention complements prior art
security applications and techniques and provides a more efficient
method of blocking access to the network through the actual
hardware device interface ports such as Ethernet, Wireless
Ethernet, among others.
[0013] The Snoopwall technology of the present invention is focused
on the root cause of data leakage, i.e., access to the high-risk
hardware interface ports, while prior art security applications
focus on detecting the signatures of the malware payload or the
malware behavior. Therefore, the Snoopwall technology of the
present invention is applicable against any type of malware
including new or not yet detected types of malware, whereas the
prior art security applications are applicable only to already
known malware. In particular, the Snoopwall technology of the
present invention is applicable against advanced persistent threat
(APT) malware, which is designed to evade detection and removal. The
Snoopwall technology of the present invention is also applicable
against zero-day (0-day) or other new forms of malware. As the
Snoopwall technology of the present invention
focuses on the management of the high-risk hardware interface
ports, it will not require any updates for malware signatures or
malware behavioral heuristics. The only necessary updates for the
Snoopwall technology to properly secure an end-user environment
would be only when new high-risk hardware interface ports are
created, which is a very infrequent event. This is not only
uniquely complementary to existing security utilities, it is a
completely radical approach--focusing on the areas where data is
leaked from, instead of focusing on the detection of each possible
piece of new malware being delivered to the end-user system in some
form of payload or application.
BRIEF DESCRIPTION OF THE DRAWINGS
[0014] FIG. 1 is a schematic diagram of the network architecture of
a system 80 for blocking data leakage, eavesdropping and spyware
applications according to this invention;
[0015] FIG. 2 is a schematic diagram of the computing device 92A of
FIG. 1;
[0016] FIG. 3 is a schematic diagram of one embodiment of a
graphical user interface (GUI) 100 used in the computing device 92A
of FIG. 2;
[0017] FIG. 4 is a block diagram of the components of system 80 of
FIG. 1;
[0018] FIG. 5-FIG. 8 depict an embodiment of a GUI, used in a
mobile communication device for detecting, alerting and blocking
data leakage, eavesdropping and malicious spyware; and
[0019] FIG. 9 depicts a table used to set permissions and denials
for specific applications.
DETAILED DESCRIPTION OF THE INVENTION
[0020] In general, the present invention relates to eavesdropping
and spyware blocking technology, and more specifically it relates
to systems and methods for blocking data leakage, eavesdropping and
spyware technology in networked devices by controlling access to
various high-risk data ports or hardware device interfaces. These
high risk ports include Webcam, USB, Microphone, Flash Memory,
Infrared, Bluetooth, Wireless, LAN, WAN, VPN, Cellular and GPS
interfaces, among others.
[0021] Referring to FIG. 1, a client-server system 80 for blocking
data leakage, eavesdropping and spyware applications according to
one embodiment of this invention includes computing devices 92A,
92B, mobile communication devices 92C, personal digital assistant
devices 92D, Tablet/iPad.TM. device 92F and a server 92E. Devices
92A, 92B, 92C, 92D, 92F are connected to each other and to the
server 92E via a network 90. In other embodiments, system 80
includes additional computing devices including personal computers,
servers, desktops, laptops, iPhones, iPads, iTouches, Droids,
Blackberry devices, Windows phone, Android phones, or other tablet
devices, among others.
[0022] In one example, networked computing device 92A includes a
central processing unit (CPU) 96, software applications 97, access
ports (or hardware device interfaces) 102A . . . 102N, memory 98,
database 99, a Snoopwall application 200, and a display 94, as
shown in FIG. 2. The Snoopwall application 200 provides computer
implemented operations and instructions that monitor, detect and
block data leakage, eavesdropping and spyware of the computing
device 92A. In particular, application 200 provides functionalities
for monitoring, detecting and blocking data leakage and
eavesdropping in the data stored in database 99, memory 98, and in
operations executed by the CPU 96. These functionalities include
monitoring information flow across all ports 102A . . . 102N and
closing of selected ports when data leakage, eavesdropping or
spyware are detected. Snoopwall application 200 also presents a
graphical user interface (GUI) 100, as shown displayed in display
94 of FIG. 2. Database 99 includes a list of applications 300 and
information whether each application is allowed to run on the
specific computing device and to which ports of the computing
device should have access, as shown in FIG. 9. The user of the
computing device 92A and the administrator of the client-server
system 80 are allowed to manually enter permissions and denials of
applications in list 300 and set access to specific ports and store
the information in database 99. Database 99 also stores a list of
known malicious applications that should not be allowed to run on
the computing device or have access to any or specific ports.
[0023] Snoopwall application 200 also reviews each application
prior to installing or running it on a device and determines the
associated application unique signature and the requests for access
to the high-risk access ports by the application. Application 200
stores this information in the database 99 and informs the user of
the application prior to its installation. In one example, the
application ANGRYBIRDSFORAPPLE.exe is downloaded to a Windows.TM.
iTunes.TM. platform and the Snoopwall application 200 reviews the
downloaded file to determine which device ports the downloaded
application tries to access. It was found that the
ANGRYBIRDSFORAPPLE.exe application tries to access the GPS, USB,
Bluetooth, Internet, webcam and microphone, whereas the
ANGRYBIRDSFORAPPLE.exe application is not supposed to have access
to these hardware device ports. This information is stored in the
database 99 in the list of applications and is shared and
communicated to all end-users. When users try to install the
ANGRYBIRDSFORAPPLE.exe application in their iPad.TM. tablet, the
Snoopwall application 200 sends out a message to them informing
them that the application they want to install tries to access the
above mentioned device ports and asks them if they really want to
install this application and if they want to block access of the
application to any or all of the above mentioned device ports.
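The two tables of paragraph [0022] (per-application authorized interfaces, and known malicious applications) and the pre-install review of paragraph [0023], worked as an added example in Python. This is illustration written for this page, not code from the patent or from Snoopwall. Taking the application's "unique signature" to be a SHA-256 digest of the installer bytes is an assumption of this example, as are every application name, installer content and policy entry below; the page specifies none of them. One caveat the text leaves implicit is made explicit: a requested interface name that the table does not know must be rejected rather than silently permitted.

```python
"""Per-application interface permissions and the pre-install review step.

Added example, not code from the patent or from SnoopWall. Application
names, installer bytes and policy entries are constructed for illustration.
"""
import hashlib
from dataclasses import dataclass, field

# Interface names taken from the patent's own list; anything else is rejected
# rather than silently permitted.
HIGH_RISK = frozenset({
    "webcam", "usb", "microphone", "flash", "infrared", "bluetooth",
    "wireless", "lan", "wan", "vpn", "cellular", "gps", "touchscreen",
})


@dataclass
class PolicyDatabase:
    authorized: dict = field(default_factory=dict)  # first table: app -> frozenset of interfaces
    malicious: set = field(default_factory=set)     # second table: digests of known malicious apps
    observed: dict = field(default_factory=dict)    # what each reviewed app requested (shared to all users)

    def set_policy(self, app, interfaces):
        interfaces = frozenset(interfaces)
        unknown = interfaces - HIGH_RISK
        if unknown:
            raise ValueError(f"unknown interface(s): {sorted(unknown)}")
        self.authorized[app] = interfaces


def app_signature(installer: bytes) -> str:
    """Identify an application by the digest of its installer, not by its file name
    (assumption of this example: the page does not say how the signature is formed)."""
    return hashlib.sha256(installer).hexdigest()


@dataclass(frozen=True)
class Review:
    app: str
    signature: str
    verdict: str             # "blocked", "prompt" or "allow"
    unauthorized: frozenset  # requested interfaces the policy does not grant
    message: str             # text shown to the user before installation


def review_install(db: PolicyDatabase, app: str, installer: bytes, requested) -> Review:
    requested = frozenset(requested)
    unknown = requested - HIGH_RISK
    if unknown:
        raise ValueError(f"unknown interface(s): {sorted(unknown)}")
    sig = app_signature(installer)
    db.observed[app] = requested
    if sig in db.malicious:
        return Review(app, sig, "blocked", requested,
                      f"{app} matches a known malicious application; installation refused.")
    unauthorized = requested - db.authorized.get(app, frozenset())
    if not unauthorized:
        return Review(app, sig, "allow", frozenset(),
                      f"{app} requests only interfaces it is authorized to use.")
    wanted = ", ".join(sorted(unauthorized))
    return Review(app, sig, "prompt", unauthorized,
                  f"{app} requests access to: {wanted}. Install anyway, and which of "
                  f"these should be blocked?")


def apply_user_choice(db: PolicyDatabase, review: Review, block) -> frozenset:
    """Record the user's answer: the app may use what it requested minus what the user blocked."""
    granted = db.observed[review.app] - frozenset(block)
    db.authorized[review.app] = granted
    return granted


def is_access_authorized(db: PolicyDatabase, app: str, iface: str) -> bool:
    """Runtime check for the monitor: is this application allowed on this interface?"""
    return iface in db.authorized.get(app, frozenset())


def run_demo():
    db = PolicyDatabase()
    # A game is expected to need the touchscreen and nothing else.
    db.set_policy("ANGRYBIRDSFORAPPLE.exe", {"touchscreen"})
    # Constructed stand-in for an entry in the known-malicious table.
    db.malicious.add(app_signature(b"constructed bytes of a known spyware installer"))
    game = review_install(db, "ANGRYBIRDSFORAPPLE.exe", b"constructed game installer bytes",
                          {"touchscreen", "gps", "usb", "bluetooth", "wireless", "webcam", "microphone"})
    codec = review_install(db, "freecodec.exe", b"constructed bytes of a known spyware installer",
                           {"wireless"})
    return db, game, codec


if __name__ == "__main__":
    db, game, codec = run_demo()
    print(game.verdict, "-", game.message)
    print(codec.verdict, "-", codec.message)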
[0024] Referring to FIG. 3, GUI 100 displays in real time the
status of all access ports (or hardware device interface) 102A . .
. 102N. In the example of FIG. 3, ports 102A . . . 102N, are
arranged linearly within a toolbar 100A. In other examples, ports
102A . . . 102N are depicted in other geometric arrangements
including vertical arrangements, horizontal arrangements, circular
arrangements, or along any other geometric or random configuration.
Examples of access ports include Webcam 102A, USB port 102B,
Microphone 102C, Flash Memory 102D, Infrared 102E, Bluetooth 102F,
Wireless 102G, LAN, WAN, VPN, Cellular and GPS interfaces 102H,
keyboard, mouse, touchscreen, Ethernet, text messaging interfaces,
telephone interfaces, modem, gesture based interfaces, eye-motion
based interfaces, or other enhanced input/output (i/o) interfaces,
among others. GUI 100 also displays a Turn-All-ON button 104, a
Turn-All-OFF button 103 and port specific On and Off buttons 105,
106.
[0025] When data leakage, eavesdropping or spyware software is
detected on any of ports 102A . . . 102N, the port turns red,
flashes and sends an acoustical warning signal. The user has the
option to turn off the specific port manually by activating the
corresponding Off button 106 in order to block the detected data
leakage, eavesdropping or spyware software. The user also has the
option to turn off all access ports manually by activating the
Turn-All-OFF button 103. The ports may be re-enabled once the
problem has been resolved by activating either the Turn-All-ON
button 104 or the port specific On button 105. The system also
provides automatic turning Off of all ports or of specific ports
when data leakage, eavesdropping or spyware software is detected on
any of ports 102A . . . 102N, and automatic turning ON of all ports
or of specific ports when the problem is resolved.
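The switch and alarm behaviour of paragraphs [0024] and [0025], worked as an added example in Python. This is illustration written for this page, not code from the patent or from Snoopwall. The panel keeps one On/Off switch per interface plus Turn-All-ON and Turn-All-OFF, consumes constructed status and traffic observations, and applies the two detection rules of claim 1: an interface that becomes active while its switch is Off (an unauthorized change of status) and traffic across an interface by an application not authorized for it. The event line format, the actor names and the auto_block option are assumptions of this example; the page describes neither a telemetry format nor how the monitor learns which application caused the traffic.

```python
"""Runtime monitor behind the On/Off switches of FIG. 3 (claims 1 to 4).

Added example, not code from the patent or from SnoopWall. The event format,
actor names and auto_block option are assumptions made for illustration.
"""
import re
from collections import namedtuple

# One observation per line. A real agent would receive these from a kernel
# driver or device-manager hook; the text form here is constructed.
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\w+) (?P<kind>status|traffic)=(?P<value>\S+) actor=(?P<actor>\S+)$"
)

# action is "turned_off" when the monitor flipped the switch, else "warning_only".
Alert = namedtuple("Alert", "ts iface actor reason action")


class InterfacePanel:
    def __init__(self, interfaces, authorized, auto_block=True):
        self.switch = {i: True for i in interfaces}   # On/Off switch per interface (105/106)
        self.active = {i: False for i in interfaces}  # last observed hardware state
        self.alarm = {i: False for i in interfaces}   # red/flashing in the GUI
        self.authorized = {i: set(a) for i, a in authorized.items()}  # iface -> apps allowed on it
        self.auto_block = auto_block
        self.alerts = []

    # The switches of claim 1. Turning a switch Off also disables the device,
    # so a later status=on for that interface must have bypassed the switch.
    def turn_on(self, iface):
        self.switch[iface] = True
        self.alarm[iface] = False  # re-enabling after resolution (claim 2) clears the alarm

    def turn_off(self, iface):
        self.switch[iface] = False
        self.active[iface] = False

    def turn_all_on(self):
        for iface in self.switch:
            self.turn_on(iface)

    def turn_all_off(self):
        for iface in self.switch:
            self.turn_off(iface)

    def observe(self, line):
        m = EVENT_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable event: {line!r}")
        ts, iface, kind, value, actor = m.group("ts", "iface", "kind", "value", "actor")
        if iface not in self.switch:
            raise KeyError(f"unknown interface: {iface}")
        if kind == "status":
            self.active[iface] = (value == "on")
            if self.active[iface] and not self.switch[iface]:
                # Rule 1: the device came up although its switch is Off.
                self._alert(ts, iface, actor, "status changed to on while switch is Off")
        elif not self.switch[iface]:
            self._alert(ts, iface, actor, "traffic on an interface whose switch is Off")
        elif actor not in self.authorized.get(iface, set()):
            # Rule 2: traffic by an application the policy does not authorize here.
            self._alert(ts, iface, actor, "traffic by unauthorized application")

    def _alert(self, ts, iface, actor, reason):
        self.alarm[iface] = True
        action = "warning_only"
        if self.auto_block:
            self.turn_off(iface)
            action = "turned_off"
        self.alerts.append(Alert(ts, iface, actor, reason, action))

    def status_bar(self):
        """What the toolbar of FIG. 3 would show for each interface."""
        return {i: "RED" if self.alarm[i] else ("ON" if self.switch[i] else "OFF")
                for i in self.switch}


INTERFACES = ["webcam", "usb", "microphone", "flash", "infrared", "bluetooth", "wireless", "gps"]
AUTHORIZED = {"webcam": {"skype.exe"}, "microphone": {"skype.exe"},
              "wireless": {"skype.exe", "browser.exe"}}

# Constructed observations for the demo; none of this is real telemetry.
EVENTS = [
    "2013-05-29T09:00:00 webcam status=on actor=skype.exe",
    "2013-05-29T09:00:05 webcam traffic=14kB actor=skype.exe",
    "2013-05-29T09:05:00 webcam status=on actor=updater.exe",
    "2013-05-29T09:10:00 microphone traffic=2kB actor=updater.exe",
    "2013-05-29T09:11:00 wireless traffic=30kB actor=browser.exe",
]


def run_demo():
    panel = InterfacePanel(INTERFACES, AUTHORIZED)
    for line in EVENTS[:2]:
        panel.observe(line)   # Skype uses the webcam with the switch On: no alarm
    panel.turn_off("webcam")  # the user slides the webcam switch to Off
    for line in EVENTS[2:]:
        panel.observe(line)
    return panel
```

Turning a switch Off here also records the device as inactive, which is what makes rule 1 detectable: a later status=on for that interface can only have come from something that bypassed the switch. With auto_block=False the panel only raises the visual alarm (the red, flashing port of [0025]) and leaves the decision to the user, as in claim 3; auto_block=True is the automatic turning Off described at the end of [0025].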
[0026] System 80 also includes Client-Server capabilities to allow
information technology managers to control remotely any or all of
the above mentioned ports in any or all of the individual devices
92A, 92B, 92C, 92D, 92F from server 92E. These Client-Server
capabilities provide real-time manual, semi-automatic and automatic
detection, alerting, blocking and controlling access to various
high-risk data ports in cases when data leakage, eavesdropping and
spyware applications are detected.
[0027] Referring to FIG. 4, the management interface for
client-server system 80 includes a command center 212, a dashboard
214, a toolbar 100A, a taskbar or systray and popup alerts 216,
standalone GUI 110, application programming interface (API) 220,
secure communication protocol 228, network interface 230, device
driver interface library 222, real-time kernel driver 224, Rootkit
"system healer" 226, and remotely managed "Snoopwall" systems 232,
234.
[0028] In the example of FIG. 1, command center 212 runs in the
administrator's computing device (i.e., server-A 92E) and is used
for managing the Snoopwall security utilities running in the remote
system endpoints 232, 234 of the networked computing devices 92A,
92B, 92C, 92F, as well as the Snoopwall security utilities running
in the administrator's computing device 92E. Command center 212
helps create rules and policies in groups and roll them out to the
Snoopwall security utilities running in the one or more remote
system endpoints as well as to the Snoopwall security utilities
running on the administrator's computing device. Dashboard 214
summarizes real-time events from one or more remote system
endpoints 232, 234 as well as real-time events running on the
administrator's system. Toolbar 100A allows configuration changes
and alerts through a simple graphical user interface (GUI), as
shown in FIG. 3. Toolbar 100A can also be minimized to be a Taskbar
or Systray 216 until the user interacts with the system or when
events occur requiring Popup Alerts.
[0029] Standalone GUI 110 provides the system core functionalities
to the standalone computing devices 92A, 92B, 92C, 92D, 92F. These
core functionalities include obtaining help, setting options,
features, performing updates and other end-user functions. API 220
is accessible through secure, trusted interfaces 230, 222, 224,
226, and allows abstraction of the command center 212, dashboard
214, toolbar 100A, taskbar 216, and standalone GUI 110 to the
endpoint systems 232, 234. API 220 provides flexibility in how it
displays events, controls and results, while the core functionality
is available through this centralized set of function calls.
[0030] The remotely managed endpoint systems 232, 234 of the
computing devices 92A, 92B, 92C, 92D, 92F connect to the server 92E
via a network interface 230. Secure communication protocols 228
such as Secure Sockets Layer (SSL) or Transport Layer Security
(TLS) are used in the connections and communications between the
remotely managed endpoint systems 232, 234 of the computing devices
92A, 92B, 92C, 92D, 92F and the server 92E. Core functionality
exposed by the API 220 is derived from the device driver interface
library 222 to manage Webcam 102A, USB port 102B, Microphone 102C,
Flash Memory 102D, Infrared 102E, Bluetooth 102F, Wireless 102G,
LAN, WAN, VPN, Cellular and GPS interfaces 102H, and to ensure that
control is not subverted by a hacker or malicious software.
Real-time kernel driver 224 constantly monitors the status of the
controlling interface and settings. In the event that a hacker or
malicious code is able to tamper with the "Snoopwall" application,
a Rootkit "system healer" 226 is installed to capture these rare
but high-risk events and thereby to restore the "Snoopwall"
application and to block data leakage.
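As an added illustration of the watchdog-and-restore idea in paragraph [0030] (example code written for this page, not the Snoopwall application's own code): the guard keeps an authenticated golden copy of the port-control settings, detects when a live copy has been tampered with, and restores the authorised state. It assumes the "controlling interface and settings" can be represented as a dictionary of per-port enable flags protected by an HMAC; the class, function and port names and the constructed settings are assumptions.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed example of the control settings the utility enforces
# (True = interface enabled). Names follow the patent's list of ports.
GOLDEN_SETTINGS: Dict[str, bool] = {
    "webcam": False,
    "microphone": False,
    "usb": True,
    "bluetooth": False,
    "wireless": True,
}


def canonical(settings: Dict[str, bool]) -> bytes:
    """Deterministic serialisation so equal settings always give equal MACs."""
    return json.dumps(settings, sort_keys=True, separators=(",", ":")).encode()


class SettingsGuard:
    """Keeps an authenticated golden copy of the settings and restores it.

    The MAC key lives only inside the guard. In the patent's layering that
    is the kernel driver / system healer, which user-space malware cannot
    read; a guard that keeps its key where the tampering process can also
    write it proves nothing, which is why the check must sit below the
    code it protects.
    """

    def __init__(self, settings: Dict[str, bool], key: Optional[bytes] = None):
        self._key = key or secrets.token_bytes(32)
        self._golden = dict(settings)
        self._mac = self._compute(self._golden)

    def _compute(self, settings: Dict[str, bool]) -> bytes:
        return hmac.new(self._key, canonical(settings), hashlib.sha256).digest()

    def is_intact(self, live: Dict[str, bool]) -> bool:
        """True when the live settings are exactly the authorised ones."""
        return hmac.compare_digest(self._compute(live), self._mac)

    def heal(self, live: Dict[str, bool]) -> Tuple[Dict[str, bool], List[str]]:
        """Return (settings to enforce, names of ports whose value was tampered).

        Keys the attacker added or removed are reported too, because the
        golden copy is restored wholesale rather than patched field by field.
        """
        if self.is_intact(live):
            return dict(live), []
        names = set(self._golden) | set(live)
        tampered = sorted(n for n in names if live.get(n) != self._golden.get(n))
        return dict(self._golden), tampered

    def authorise(self, settings: Dict[str, bool]) -> None:
        """Legitimate change path (GUI or command center): re-MAC the new state."""
        self._golden = dict(settings)
        self._mac = self._compute(self._golden)


def demo() -> Tuple[bool, Dict[str, bool], List[str]]:
    """Spyware flips the webcam and microphone on; the guard notices and restores."""
    guard = SettingsGuard(GOLDEN_SETTINGS)
    live = dict(GOLDEN_SETTINGS)
    live["webcam"] = True          # constructed tampering
    live["microphone"] = True
    live["telephony"] = True       # an interface the policy never listed
    intact = guard.is_intact(live)
    restored, tampered = guard.heal(live)
    return intact, restored, tampered
```

The check is only as strong as the isolation of the key and of the golden copy: a user-space process cannot stop a kernel-resident attacker from rewriting both, which is the reason the patent places the kernel driver 224 and healer 226 beneath the application rather than beside it.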
[0031] In the standalone configuration, the Snoopwall client
application 200 depicts all available ports in the standalone GUI
110 and provides visual alerts about each high-risk data leakage
port's state, i.e., whether it is open or closed or if there is an
attempt to open one of these ports. If a port is opened and
unauthorized data transfer is detected across this port, the GUI
shows a flashing icon of this port. In other embodiments, an
acoustical warning signal is also sent. The user of the device
and/or the remote administrator have the ability to enable or
disable any or all of the displayed high-risk ports. As was
mentioned above, these high-risk ports include Webcam 102A, USB
port 102B, Microphone 102C, Flash Memory 102D, Infrared 102E,
Bluetooth 102F, Wireless 102G, LAN, WAN, VPN, Cellular and GPS
interfaces 102H. In the case of the keyboard being attacked, the
functionality of the keyboard is not disabled while the keyboard is
protected against keyloggers. In the case when the USB port is
being eavesdropped, the USB port is disabled while the keyboard and
mouse devices remain operational. In addition, password and/or
token access can be enabled as an additional security option so
that no third-party can take over a high-risk data leakage port
without being prompted for a password or token.
[0032] Configuration options allow for an auto-shutoff interval to
be set on one or more selected high-risk data leakage ports, an
auto-alert interval and method such as popup window or email,
password, token and proxy server settings as well as update server
information. The Snoopwall application 200 may be written using any
programming language, including C, C++, Java with database
interfaces into a Structured Query Language (SQL) database and/or
text files containing critical user, application and ports
information, among others. However, since the Snoopwall
application for each standalone device uses different GUI, kernel,
driver, rootkit and secure communication methodologies, its code
is customized to ensure it functions securely and can self-heal on
any operating system (OS) including
Windows.TM. XP, Windows.TM. 7, Windows.TM. 8, iPhone.TM., iPad.TM.,
iTouch.TM. OS Editions, Android.TM. OS, Linux OS, BSD, Unix,
Blackberry OS, Microsoft Phone and Tablet operating systems, among
others.
[0033] In the Client-Server system configuration, the Snoopwall
server 92E contains all the codes of the Snoopwall clients to
ensure that the local systems 92A, 92B, 92C, 92D, 92F are secure
from eavesdropping. Server 92E also includes the built-in
application programming interface (API) 220, dashboard 214, command
center 212, toolbar 100A, and taskbar or systray and popup alerts
216. API 220 allows for remote control, alerts and updates from
Snoopwall client systems in the same WAN, LAN or multi-VLAN
segments through authentication. Dashboard 214 displays in
real-time the status of the ports in each Snoopwall client and
which Snoopwall clients have changed their profile. Command center
212 allows making changes in single Snoopwall clients or creating
groups and pushing changes to these groups. The Snoopwall Server
code also includes industry standard logging using SYSLOG format
about the key events of Snoopwall clients and the server itself. As
was mentioned above, Snoopwall application 200 may be written using
any programming language, and the code is customized so that it can
run on one or more operating systems including Windows.TM. 2000,
Windows.TM. NT, Windows.TM. XP, Windows.TM. 7 and Windows.TM. 8 as
well as Linux, BSD and Unix, among others.
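The monitoring, alerting, automatic turn-off, password-gated re-enable and SYSLOG-format event logging described in paragraphs [0025] and [0031] to [0033], as one added worked example (not the patent's or the Snoopwall product's code): a per-port policy records which processes may use each port, a constructed feed of "open" and "traffic" observations is run through it, unauthorised status changes and unauthorised traffic close and lock the port, the auto-shutoff interval of [0032] closes a port on a timer, and a locked port reopens only with the secret password. The port and process names, the event layout, the `SnoopMonitor` class and the choice of RFC 5424 with facility 4 (security/authorization) for the syslog lines are all assumptions about how an implementation might do this.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional, Set

@dataclass
class Port:
    name: str                                       # "webcam" (102A), "usb" (102B), ...
    enabled: bool = False                           # the port's On/Off switch
    allowed: Set[str] = field(default_factory=set)  # processes permitted to use it
    auto_off_seconds: Optional[float] = None        # [0032] auto-shutoff interval
    opened_at: Optional[float] = None
    locked: bool = False                            # closed by the monitor; password to reopen

@dataclass
class Event:
    ts: float      # unix time of the observation
    port: str
    kind: str      # "open" (attempt to enable the port) or "traffic"
    actor: str     # "user", "admin", or the process behind the event

class SnoopMonitor:
    TRUSTED = {"user", "admin"}   # only these may legitimately flip a switch

    def __init__(self, ports: List[Port], passphrase: str, hostname: str = "endpoint"):
        self.ports: Dict[str, Port] = {p.name: p for p in ports}
        self.hostname = hostname
        self._salt = secrets.token_bytes(16)
        self._pw = self._kdf(passphrase)      # store a slow hash, never the password
        self.log: List[str] = []

    def _kdf(self, pw: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self._salt, 200_000)

    def _syslog(self, ts: float, severity: int, msgid: str, msg: str) -> str:
        # RFC 5424 header <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD; PRI = facility*8 + severity
        stamp = datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        self.log.append(f"<{4 * 8 + severity}>1 {stamp} {self.hostname} snoopwall - {msgid} - {msg}")
        return self.log[-1]

    def _block(self, port: Port, ts: float, why: str) -> str:
        port.enabled, port.opened_at, port.locked = False, None, True   # automatic turn-off + lock
        return self._syslog(ts, 2, "PORT_BLOCKED", f"port={port.name} reason={why}")

    def tick(self, now: float) -> None:
        """Timed close (not a lock) of ports whose auto-shutoff interval has elapsed."""
        for p in self.ports.values():
            if p.enabled and p.auto_off_seconds is not None and p.opened_at is not None \
                    and now - p.opened_at >= p.auto_off_seconds:
                p.enabled, p.opened_at = False, None
                self._syslog(now, 5, "PORT_AUTO_OFF", f"port={p.name}")

    def handle(self, ev: Event) -> Optional[str]:
        """Apply the policy to one event; returns the alert line, or None if benign."""
        self.tick(ev.ts)
        port = self.ports[ev.port]
        if ev.kind == "open":
            if ev.actor not in self.TRUSTED:          # unauthorized change of status
                return self._block(port, ev.ts, f"unauthorized_open_by={ev.actor}")
            if port.locked:                           # stays shut until unlock()
                return self._syslog(ev.ts, 4, "OPEN_REFUSED", f"port={port.name} locked=1")
            port.enabled, port.opened_at = True, ev.ts
            self._syslog(ev.ts, 6, "PORT_OPENED", f"port={port.name} by={ev.actor}")
            return None
        if not port.enabled:                          # data moving over a closed port
            return self._block(port, ev.ts, f"traffic_on_closed_port_by={ev.actor}")
        if ev.actor not in port.allowed:              # unauthorized data traffic
            return self._block(port, ev.ts, f"unauthorized_traffic_by={ev.actor}")
        return None

    def unlock(self, name: str, passphrase: str, ts: float) -> bool:
        """Reopen a locked port, but only with the secret password ([0035])."""
        if not secrets.compare_digest(self._kdf(passphrase), self._pw):
            self._syslog(ts, 4, "UNLOCK_DENIED", f"port={name}")
            return False
        port = self.ports[name]
        port.locked, port.enabled, port.opened_at = False, True, ts
        self._syslog(ts, 5, "PORT_UNLOCKED", f"port={name}")
        return True

PASSPHRASE = "correct horse battery staple"   # constructed for the demo only

def demo():
    """Constructed event feed; returns (monitor, alert lines, unlock outcomes)."""
    mon = SnoopMonitor(
        [Port("webcam", allowed={"videoconf"}, auto_off_seconds=60),
         Port("microphone", allowed={"videoconf"}),
         Port("usb", enabled=True, allowed={"explorer"})],
        PASSPHRASE, hostname="laptop-92A")
    t0 = 1_400_000_000.0
    feed = [
        Event(t0, "webcam", "open", "user"),               # user opens the webcam
        Event(t0 + 5, "webcam", "traffic", "videoconf"),   # permitted traffic
        Event(t0 + 10, "microphone", "open", "spyd.exe"),  # spyware enables the mic
        Event(t0 + 20, "usb", "traffic", "exfil.exe"),     # unknown process uses USB
        Event(t0 + 90, "webcam", "open", "user"),          # timer closed it at +60 s; reopen
    ]
    alerts = [a for a in (mon.handle(e) for e in feed) if a]
    outcomes = (mon.unlock("usb", "password1", t0 + 100), mon.unlock("usb", PASSPHRASE, t0 + 101))
    return mon, alerts, outcomes
```

The two decisions worth noting are that a timer close and a policy block are different states (only the latter sets `locked`, so an expired webcam can be reopened by the user without a password while a port closed because of spyware cannot), and that every transition is written to `log` in syslog form so a server such as 92E can collect the same lines the dashboard 214 displays. The events themselves must come from something the monitored process cannot forge, which in the patent's design is the kernel driver 224 rather than user-space hooks.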
[0034] Referring to FIG. 5 and FIG. 6, Snoopwall application 200A
for a mobile phone 92C includes a GUI screen 120 that depicts a
privacy meter indicator 122, the amount of CPU used 124, the
battery voltage used 126, the storage capacity used 127, the memory
capacity used 125, and the battery power level 123. GUI 120 also
includes a toolbar 121, a button for initiating a privacy audit
function 128 and a take control button 129. Activating the take
control button 129 presents a new GUI screen 130, shown in FIG. 7.
GUI screen 130 depicts the status of all high risk ports including
microphone 131, Bluetooth interface 132, GPS 133, storage 134, USB
135, Infrared interface 136, Wi-Fi interface 137, camera 138, SMS
messaging port 139 and the phone port 140. Next to each port there
is a slidably activated button 150 that can be set to the On
position 150a or the Off position 150b and thereby to enable or
disable the corresponding port. Screen 130 also includes images of
the active applications 145 and allows the user to turn on or off
the applications by sliding button 150 to the On position 150a or
the Off position 150b, as shown in FIG. 8.
[0035] In operation, every networked computing device 92A, 92B,
92C, 92D, 92F is equipped with an anti-eavesdropping utility, i.e.,
a Snoopwall application 200, that complements all existing
firewalls and all anti-virus programs. With the Snoopwall
application 200 installed, a user can easily see which data ports
are open, which ports are closed and if there is unauthorized data
leakage (eavesdropping) across a port. The user receives visual
alerts when there is unauthorized eavesdropping across a port and
has the option to select which ports to keep open and which port to
disable. Ports may be disabled completely and remain closed until
the user unlocks them with a secret password. As was mentioned
above, there are two versions of the Snoopwall application, the
consumer (also known as the "standalone" configuration) edition and
the enterprise edition (also known as the "client-server"
configuration). The enterprise edition includes a command center
212, dashboard 214 and remote management API 220. Whether operating
in the standalone or in the client-server configuration, the
Snoopwall application enables computing device managers and owners
to finally take control of these devices and truly know if there is
any attempt to eavesdrop on them through high risk data leakage
ports.
[0036] Several embodiments of the present invention have been
described. Nevertheless, it will be understood that various
modifications may be made without departing from the spirit and
scope of the invention. Accordingly, other embodiments are within
the scope of the following claims.
* * * * *