Mobile Security Research Lab

The epitome of mobile security research

Symantec Endpoint Protection Mobile (SEP Mobile) Security Research Lab is always investigating the mobile threat landscape with two core goals:

  1. Uncover vulnerabilities before an attacker does, so that software manufacturers can release patches before attackers can do any damage. This cycle keeps mobile threat defense proactive and minimizes damage, as opposed to relying on strategies that are reactive and costly to fix after the fact.
  2. Use research findings to enhance SEP Mobile’s threat analysis engine, and augment the crowd-sourced intelligence apparatus, so that end users and their devices benefit from the most up-to-date information.

The Most Prolific Mobile Security Research in the Industry

SEP Mobile’s Security Research Lab has exposed more major mobile vulnerabilities than all Mobile Threat Defense, Mobile Threat Protection and Mobile Threat Prevention competitors combined. Vulnerabilities exposed by SEP Mobile Research have been acknowledged by Apple in the last three major versions of iOS. In addition to Apple, Google has also acknowledged and fixed multiple Android vulnerabilities reported by our Security Research Lab. Here are just a few examples of mobile vulnerabilities that the Research Lab has identified in the past few years:

App-in-the-Middle uses a malicious personal app to steal data out of secure containers, such as Android for Work, by exploiting vulnerable system services like notifications and accessibility services.

Accessibility Clickjacking is a complex Android hack, using display overlays to trick users into providing unlimited device access through Accessibility Services, including admin privileges.

Shared Cookie Stores occurred when a user connected to a captive portal network: the embedded browser shared the Safari Cookie Store with that of the captive portal.

No iOS Zone uses a carefully crafted SSL certificate and scripting to crash apps on iOS devices, opening the door to massive distributed denial of service (DDoS) attacks.

Invisible Malicious Profiles, like Malicious Profiles, grant hackers deep device access, but are also invisible to the user, in that they do not appear in the list of profiles for easy removal.

HTTP Request Hijacking was discovered a couple of years ago and, at the time, affected a huge number of mobile apps that used HTTP to communicate with their servers instead of HTTPS.

WiFiGate allows network-based attackers to set up a rogue Wi-Fi network that imitates one of many pre-defined network configurations pushed out by carriers.

Malicious iOS Profiles are not apps, but give potentially unlimited device access. When first disclosed, they exploded the myth that iOS users enjoyed nothing but peace and security.

LinkedOut is a classic example of a mobile app that collects too much information and, worse, sends the data to its servers for storage and potential viewing by others.

By working diligently to discover these vulnerabilities and others, and working with Apple and the Google Android team to fix them, every mobile user and business is more secure.

Unique and Proprietary Patented Technology

Advanced research and patents propel SEP Mobile to the leadership position in Mobile Threat Defense

Active Honeypot

  • This patented approach to network security delivers unmatched protection against all types of network threats while preserving user privacy.
  • Whenever something changes on the device, SEP Mobile sends realistic network traffic of all kinds (email, message, browser, etc.), evaluates the response for even minute deviations from what is expected, and can determine exactly what type of attack or threat exists on that network.

Server Hack Confirmation

  • A very clever phase 2 defense following Active Honeypot activity to identify hacker source and destination.
  • Any adversary that later utilizes credentials stolen during Active Honeypot activity will immediately be identified as a hacker, and SEP Mobile forensic researchers will be able to pinpoint not only the active exploit, but also the time and location of the original hack where the credentials were stolen.

Repackaged Apps

  • Repackaging apps is incredibly easy and makes zero-day exploits far more common and signature databases far less valuable.
  • SEP Mobile’s unique crowd-sourced threat intelligence and analysis engines allow for rapid identification of repackaged apps based on a wide variety of forensic data gathered across the globe that is simply impossible to achieve for any solution that relies only on the data gathered from a single device or organization.

Selective Resource Protection (SRP)

  • SEP Mobile is the only solution that proactively protects your most precious corporate resources, without shutting down productivity.
  • If a threat is detected, communications to pre-identified selected corporate resources are immediately cut off from the compromised device, so no sensitive data is even transmitted, eliminating the chance of exposure. Users still have full corporate access from other devices and non-critical communications on the compromised device.

Secure Connection Protection (SCP)

  • Functioning in cooperation with SRP, SEP Mobile users are assured they can remain productive while protecting critical resources.
  • Simultaneously with the activation of SRP, SCP attempts to create a secure connection using the SEP Mobile VPN. If successful, then SRP automatically deactivates and the user is fully productive and protected. If not, SRP remains active for the duration of the exposure to the threat.