SYSTEM AND METHOD FOR DETECTING, ALERTING AND BLOCKING DATA LEAKAGE, EAVESDROPPING AND SPYWARE

Abstract

A computer implemented method for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices includes providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device. Next, providing a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device. Next, providing a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device. Next, monitoring status of each available hardware device interface and data traffic across each available hardware device interface. Upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface providing a warning signal, turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.

Claims

1. A computer implemented method for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices comprising: providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device; providing a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device; providing a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device; monitoring status of each available hardware device interface and data traffic across each available hardware device interface; upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface providing a warning signal; and turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.

2. The method of claim 1, further comprising upon resolving the unauthorized change of status or unauthorized data traffic across the specific hardware device interface, turning on the specific hardware device interface by activating the turn-on switch for the specific hardware device interface or the turn-on-off switch.

3. The method of claim 1, wherein activation of the turn-on, turn-off, turn-all-on, turn-all-off switches is initiated locally by a user of the networked computing device.

4. The method of claim 1, wherein activation of the turn-on, turn-off, turn-all-on, turn-all-off switches is initiated remotely by an administrator of the networked computing device.

5. The method of claim 1, wherein said networked computing device comprises a central processing unit (CPU), a security application, and a display, wherein the security application provides computer implemented operations and instructions that monitor, detect and block data leakage, eavesdropping and spyware across all available hardware device interfaces in each of the networked computing device; wherein the CPU executes the computer implemented instruction provided by the security application, and wherein the display displays the GUI.

6. The method of claim 1, further comprising providing a first table comprising a list of applications and authorized status of each available hardware device interface for each application and storing said first table in a database.

7. The method of claim 6, further comprising providing a second table comprising a list of known malicious applications and storing said second table in said database.

8. The method of claim 1 further comprising providing a server configured to access the one or more networked computing devices via a network connection and wherein said server comprises a command center, a dashboard, a toolbar, a taskbar, a standalone GUI and an application programmers interface (API), and wherein said command center is configured to manage remotely security applications in the one or more networked computing devices.

9. The method of claim 8, further comprising creating rules and policies and installing them in the security applications of the one or more networked computing devices and the server via the command center.

10. The method of claim 8, further comprising summarizing and presenting in the dashboard real-time events occurring in the one or more networked computing devices and the server.

11. The method of claim 8, further comprising displaying the status of all available hardware device interfaces in the toolbar for the one or more networked computing devices and the server.

12. The method of claim 8, wherein communications between the server and the one or more networked computing devices comprise secure communications protocols.

13. The method of claim 12, wherein said secure communication protocols comprise one of secure socket layer (SSL), or transport layer security (TLS).

14. The method of claim 8, wherein the server further comprises a real-time kernel driver and a rootkit ‘system’ healer, and wherein the real-time kernel constantly monitors the status of all controlling interfaces and settings and in the event a hacker or malicious code tampers with the security applications, the rootkit “system” healer restores the security applications.

15. The method of claim 1, wherein the available hardware device interfaces comprise one or more of keyboard, mouse, touchscreen, webcam, USB hardware device interface, microphone, Flash memory, Infrared, Bluetooth, Ethernet, Wireless, LAN, WAN, VPN, text messaging interfaces, telephone interfaces, modem, cellular, GPS interfaces, gesture based interfaces or eye-motion based interfaces.

16. The method of claim 1, wherein the turn-on, turn-off, turn-all-on, turn-all-off switches comprise slidably activated switches.

17. The method of claim 1, wherein the turn-on, turn-off, turn-all-on, turn-all-off switches comprise pressure activated switches.

18. The method of claim 1, wherein the networked computing devices comprise one of personal computers, servers, desktops, laptops, mobile phones, iPhones™, iPads™, iTouches™, Droids™, Blackberry™ devices, Windows™ phone, Android™ phones, personal digital assistants (PDAs), or tablet devices.

19. The method of claim 1, wherein the warning signal comprises a visual warning signal or an acoustical warning signal.

20. The method of claim 11, wherein the visual warning signal comprises flashing of the specific hardware device interface image in the GUI.

21. The method of claim 1, further comprising, prior to installing a new application in any of the one or more networked computing devices, sending a message comprising the hardware device interfaces to which the new application requests access and asking for installation permission and which hardware device interfaces should be blocked.

22. A system for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices comprising: a graphical user interface (GUI) displaying all available hardware device interfaces in each networked computing device; a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device; a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device; a security application configured to monitor status of each available hardware device interface and data traffic across each available hardware device interface, and upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface providing a warning signal and turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.

23. A computer program product for detecting, alerting and blocking data leakage, eavesdropping and spyware in one or more networked computing devices, wherein said computer program product is stored on a computer readable medium and comprises: computer code for providing a graphical user interface (GUI) and displaying all available hardware device interfaces in each networked computing device; computer code for providing a turn-on switch and a turn-off switch for each displayed hardware device interface in each networked computing device; computer code for providing a turn-all-on switch and a turn-all-off switch for all displayed hardware device interfaces in each networked computing device; computer code for monitoring status of each available hardware device interface and data traffic across each available hardware device interface; computer code for providing a warning signal, upon detecting an unauthorized change of status of a specific hardware device interface or unauthorized data traffic across a specific hardware device interface; and computer code for turning off the specific hardware device interface by activating the turn-off switch for the specific hardware device interface or the turn-all-off switch.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0015] FIG. 1 is a schematic diagram of the network architecture of a system 80 for blocking data leakage, eavesdropping and spyware applications according to this invention;

[0016] FIG. 2 is a schematic diagram of the computing device 92A of FIG. 1;

[0017] FIG. 3 is a schematic diagram of one embodiment of a graphical user interface (GUI) 100 used in the computing device 92A of FIG. 2;

[0018] FIG. 4 is a block diagram of the components of system 80 of FIG. 1;

[0019] FIG. 5-FIG. 8 depict an embodiment of a GUI, used in a mobile communication device for detecting, alerting and blocking data leakage, eavesdropping and malicious spyware; and

[0020] FIG. 9 depicts a table used to set permissions and denials for specific applications.

DETAILED DESCRIPTION OF THE INVENTION

[0021] In general, the present invention relates to eavesdropping and spyware blocking technology, and more specifically it relates to systems and methods for blocking data leakage, eavesdropping and spyware technology in networked devices by controlling access to various high-risk data ports or hardware device interfaces. These high risk ports include Webcam, USB, Microphone, Flash Memory, Infrared, Bluetooth, Wireless, LAN, WAN, VPN, Cellular and GPS interfaces, among others.

[0022] Referring to FIG. 1, a client-server system 80 for blocking data leakage, eavesdropping and spyware applications according to one embodiment of this invention includes computing devices 92A, 92B, mobile communication devices 92C, personal digital assistant devices 92D, Tablet/iPad™ device 92F and a server 92E. Devices 92A, 92B, 92C, 92D, 92F are connected to each other and to the server 92E via a network 90. In other embodiments, system 80 includes additional computing devices including personal computers, servers, desktops, laptops, iPhones, iPads, iTouches, Droids, Blackberry devices, Windows phone, Android phones, or other tablet devices, among others.

[0023] In one example, networked computing device 92A includes a central processing unit (CPU) 96, software applications 97, access ports (or hardware device interfaces) 102A - - - 102N, memory 98, database 99, a Snoopwall application 200, and a display 94, as shown in FIG. 2. The Snoopwall application 200 provides computer implemented operations and instructions that monitor, detect and block data leakage, eavesdropping and spyware of the computing device 92A. In particular, application 200 provides functionalities for monitoring, detecting and blocking data leakage and eavesdropping in the data stored in database 99, memory 98, and in operations executed by the CPU 96. These functionalities include monitoring information flow across all ports 102A . . . 102N and closing of selected ports when data leakage, eavesdropping or spyware are detected. Snoopwall application 200 also presents a graphical user interface (GUI) 100, as shown displayed in display 94 of FIG. 2. Database 99 includes a list of applications 300 and information whether each application is allowed to run on the specific computing device and to which ports of the computing device should have access, as shown in FIG. 9. The user of the computing device 92A and the administrator of the client-server system 80 are allowed to manually enter permissions and denials of applications in list 300 and set access to specific ports and store the information in database 99. Database 99 also stores a list of known malicious applications that should not be allowed to run on the computing device or have access to any or specific ports.

[0024] Snoopwall application 200 also reviews each application prior to installing or running it on a device and determines the associated application unique signature and the requests for access to the high-risk access ports by the application. Application 200 stores this information in the database 99 and informs the user of the application prior its installation. In one example, the application ANGRYBIRDSFORAPPLE.exe is downloaded to a Windows™ iTunes™ platform and the Snoopwall application 200 reviews the downloaded file to determine which device ports the downloaded application tries to access. It was found that the ANGRYBIRDSFORAPPLE.exe application tries to access the GPS, USB, Bluetooth, Internet, webcam and microphone, whereas the ANGRYBIRDSFORAPPLE.exe application is not supposed to have access to these hardware device ports. This information is stored in the database 99 in the list of applications and is shared and communicated to all end-users. When users try to install the ANGRYBIRDSFORAPPLE.exe application in their iPad™ tablet, the Snoopwall application 200 sends out a message to them informing them that the application they want to install tries to access the above mentioned device ports and asks them if they really want to install this application and if they want to block access of the application to any or all of the above mentioned device ports.

[0025] Referring to FIG. 3, GUI 100 displays in real time the status of all access ports (or hardware device interface) 102A . . . 102N. In the example of FIG. 3, ports 102A . . . 102N, are arranged linearly within a toolbar 100A. In other examples, ports 102A . . . 102N are depicted in other geometric arrangements including vertical arrangements, horizontal arrangements, circular arrangements, or along any other geometric or random configuration. Examples of access ports include Webcam 102A, USB port 102B, Microphone 102C, Flash Memory 102D, Infrared 102E, Bluetooth 102F, Wireless 102G, LAN, WAN, VPN, Cellular and GPS interfaces 102H, keyboard, mouse, touchscreen, Ethernet, text messaging interfaces, telephone interfaces, modem, gesture based interfaces, eye-motion based interfaces, or other enhanced input/output (i/o) interfaces, among others. GUI 100 also displays a Turn-All-ON button 104, a Turn-All-OFF button 103 and port specific On and Off buttons 105, 106.

[0026] When data leakage, eavesdropping or spyware software are detected in any of ports 102A . . . 102N, the port turns red, flashes and sends an acoustical warning signal. The user has the option to turn off manually the specific port by activating the corresponding Off button 106 in order to block the detected data leakage, eavesdropping or spyware software. The user has also the option to turn off manually all access ports by activating the Turn-All-OFF button 103. The ports may be enabled when the problem has been resolved by activating either the Turn-All-ON button 104 or the port specific On button 105. The system also provides automatic turning Off of all ports or specific ports when data leakage, eavesdropping or spyware software are detected in any of ports 102A . . . 102N. The system also provides automatic turning ON of all ports or specific ports when the problem is resolved.

[0027] System 80 also includes Client-Server capabilities to allow information technology managers to control remotely any or al of the above mentioned ports in any or all of the individual devices 92A, 92B, 92C, 92D, 92F from server 92E. These Client-Server capabilities provide real-time manual, semi-automatic and automatic detection, alerting, blocking and controlling access to various high-risk data ports in cases when data leakage, eavesdropping and spyware applications are detected.

[0028] Referring to FIG. 4, the management interface for client-server system 80 includes a command center 212, a dashboard 214, a toolbar 100A, a taskbar or systray and popup alerts 216, standalone GUI 110, application programmers interface (API) 220, secure communication protocol 228, network interface 230, device driver interface library 222, real-time kernel driver 224, Rootkit “system healer” 226, and remotely managed “Snoopwall” systems 232, 234.

[0029] In the example of FIG. 1, command center 212 runs in the administrator's computing device (i.e., server-A 92E) and is used for managing the Snoopwall security utilities running in the remote system endpoints 232, 234 of the networked computing devices 92A, 92B, 92C, 92F, as well as the Snoopwall security utilities running in the administrator's computing device 92E. Command center 212 helps create rules and policies in groups and roll them out to the Snoopwall security utilities running in the one or more remote system endpoints as well as to the Snoopwall security utilities running on the administrator's computing device. Dashboard 214 summarizes real-time events from one or more remote system endpoints 232, 234 as well as real-time events running on the administrator's system. Toolbar 100A allows configuration changes and alerts through a simple graphical user interface (GUI), as shown in FIG. 3. Toolbar 100A can also be minimized to be a Taskbar or Systray 216 until the user interacts with the system or when events occur requiring Popup Alerts.

[0030] Standalone GUI 110 provides the system core functionalities to the standalone computing devices 92A, 92B, 92C, 92D, 92F. These core functionalities include obtaining help, setting options, features, performing updates and other end-user functions. API 220 is accessible through secure, trusted interfaces 230, 222, 224, 226, and allows abstraction of the command center 212, dashboard 214, toolbar 100A, taskbar 216, and standalone GUI 110 to the endpoint systems 232, 234. API 220 provides flexibility in how it displays events, controls and results, while the core functionality is available through this centralized set of function calls.

[0031] The remotely managed endpoint systems 232, 234 of the computing devices 92A, 92B, 92C, 92D, 92F connect to the server 92E via a network interface 230. Secure communication protocols 228 such as secure socket layer (SSL), or transport layer security (TLS) are used in the connections and communications between the remotely managed endpoint systems 232, 234 of the computing devices 92A, 92B, 92C, 92D, 92F and the server 92E. Core functionality exposed by the API 220 is derived from the device driver interface library 222 to manage Webcam 102A, USB port 102B, Microphone 102C, Flash Memory 102D, Infrared 102E, Bluetooth 102F, Wireless 102G, LAN, WAN, VPN, Cellular and GPS interfaces 102H, and to ensure that control is not subverted by a hacker or malicious software. Real-time kernel driver 224 constantly monitors the status of the controlling interface and settings and in the event a hacker or malicious code are able to tamper with the “Snoopwall” application, a Rootkit “system” healer 226 is installed to capture these rare but high risk events and thereby to restore the “Snoopwall” application and to block data leakage.

[0032] In the standalone configuration, the Snoopwall client application 200 depicts all available ports in the standalone GUI 110 and provides visual alerts about each high-risk data leakage port's state, i.e., whether it is open or closed or if there is an attempt to open one of these ports. If a port is opened and unauthorized data transfer is detected across this port, the GUI shows a flashing icon of this port. In other embodiments, an acoustical warning signal is also sent. The user of the device and/or the remote administrator have the ability to enable or disable any or all of the displayed high-risk ports. As was mentioned above, these high-risk ports include Webcam 102A, USB port 102B, Microphone 102C, Flash Memory 102D, Infrared 102E, Bluetooth 102F, Wireless 102G, LAN, WAN, VPN, Cellular and GPS interfaces 102H. In the case of the keyboard being attacked, the functionality of the keyboard is not disabled while the keyboard is protected against keyloggers. In the case when the USB port is being eavesdropped, the USB port is disabled while the keyboard and mouse devices remain operational. In addition, password and/or token access can be enabled as an additional security option so that no third-party can take over a high-risk data leakage port without being prompted for a password or token.

[0033] Configuration options allow for an auto-shutoff interval to be set on one or more selected high-risk data leakage ports, an auto-alert interval and method such as popup window or email, password, token and proxy server settings as well as update server information. The Snoopwall application 200 may be written using any programming language, including C, C++, Java with database interfaces into a Structured Query Language (SQL) database and/or text files containing critical user, application and ports information, among others. However, since each Snoopwall application for each standalone device has a different GUI, Kernel, Driver, Rootkit and Secure Communication methodologies, the code of the Snoopwall application is customized to ensure it functions securely and can self-heal on any operating system (OS) including Windows™ XP, Windows™ 7, Windows™ 8, iPhone™, iPad™, iTouch™ OS Editions, Android™ OS, Linux OS, BSD, Unix, Blackberry OS, Microsoft Phone and Tablet operating systems, among others.

[0034] In the Client-Server system configuration, the Snoopwall server 92E contains all the codes of the Snoopwall clients to ensure that the local systems 92A, 92B, 2C, 92D, 92F are secure from eavesdropping. Server 92E also includes the built-in application programmers interface (API) 220, dashboard 214, command center 212, toolbar 100A, and taskbar or systray and popup alerts 216. API 220 allows for remote control, alerts and updates from Snoopwall client systems in the same WAN, LAN or multi-VLAN segments through authentication. Dashboard 214 displays in real-time the status of the ports in each Snoopwall client and which Snoopwall clients have changed their profile. Command center 212 allows making changes in single Snoopwall clients or creating groups and pushing changes to these groups. The Snoopwall Server code also includes industry standard logging using SYSLOG format about the key events of Snoopwall clients and the server itself. As was mentioned above, Snoopwall application 200 may be written using any programming language, and the code is customized so that it can run on one or more operating systems including Windows™ 2000, Windows™ NT, Windows™ XP, Windows™ 7 and Windows™ 8 as well as Linux, BSD and Unix, among others.

[0035] Referring to FIG. 5 and FIG. 6, Snoopwall application 200A for a mobile phone 92C includes a GUI screen 120 that depicts a privacy meter indicator 122, the amount of CPU used 124, the battery voltage used 126, the storage capacity used 127, the memory capacity used 125, and the battery power level 123. GUI 120 also includes a toolbar 121, a button for initiating a privacy audit function 128 and a take control button 129. Activating the take control button 129 presents a new GUI screen 130, shown in FIG. 7. GUI screen 130 depicts the status of all high risk ports including microphone 131, Bluetooth interface 132, GPS 133, storage 134, USB 135, Infrared interface 136, Wi-Fi interface 137, camera 138, SMS messaging port 139 and the phone port 140. Next to each port there is a slidably activated button 150 that can be set to the On position 150a or the Off position 150b and thereby to enable or disable the corresponding port. Screen 130 also includes images of the active applications 145 and allows the user to turn on or off the applications by sliding button 150 to the On position 150a or the Off position 150b, as shown in FIG. 8.

[0036] In operation, every networked computing device 92A, 92B, 92C, 92D, 92F is equipped with an anti-eavesdropping utility, i.e., a Snoopwall application 200, that complements all existing firewalls and all anti-virus programs. With the Snoopwall application 200 installed, a user can easily see which data ports are open, which ports are closed and if there is unauthorized data leakage (eavesdropping) across a port. The user receives visual alerts when there is unauthorized eavesdropping across a port and has the option to select which ports to keep open and which port to disable. Ports may be disabled completely and remain closed until the user unlocks them with a secret password. As was mentioned above, there are two versions of the Snoopwall application, the consumer (also known as the “standalone” configuration) edition and the enterprise edition (also known as the “client-server” configuration). The enterprise edition includes a command center 212, dashboard 214 and remote management API 220. Whether operating in the standalone or in the client-server configuration, the Snoopwall application enables computing device managers and owners to finally take control of these devices and truly know if there is any attempt to eavesdrop on them through high risk data leakage ports.

[0037] Several embodiments of the present invention have been described. Nevertheless, it will be understood that various modifications may be made without departing from the spirit and scope of the invention. Accordingly, other embodiments are within the scope of the following claims.