Skycure Mobile Security Research Labs

The epitome of mobile security research

Skycure Mobile Security Research Labs is always investigating the mobile threat landscape with two core goals:

Uncover vulnerabilities before an attacker does, so that software manufacturers can release patches before attackers can do any damage. This cycle helps keep mobile threat defense proactive to minimize damage, as opposed to relying on strategies that are reactive and costly to fix after-the-fact.


Use research findings to enhance Skycure’s threat analysis engine, and augment the massive crowd-sourced intelligence apparatus, so that end users and their devices benefit from the most up-to-date information.

The Most Prolific Mobile Security Research in the Industry

Skycure Research Labs has exposed more major mobile vulnerabilities than all Mobile Threat Defense, Mobile Threat Protection and Mobile Threat Prevention competitors combined. Vulnerabilities exposed by Skycure are the primary reason for Apple to acknowledge and update the last three major versions of iOS. In addition to Apple, Google has also acknowledged and fixed multiple Android vulnerabilities reported by Skycure Research Labs. Here are just a few examples of mobile vulnerabilities that Skycure Research Labs has identified in the past few years:

App-in-the-Middle uses a malicious personal app to steal data out of secure containers, such as Android for Work, by exploiting vulnerable system services like notifications and accessibility services.

Accessibility Clickjacking is a complex Android hack, using display overlays to trick users into providing unlimited device access through Accessibility Services, including admin privileges.

Shared Cookie Stores was an issue in which, when a user connected to a captive portal network, the embedded browser shared the Safari Cookie Store with that of the captive portal.

No iOS Zone uses a carefully crafted SSL certificate and scripting to crash apps on iOS devices, opening the door to massive distributed denial of service (DDoS) attacks.

Invisible Malicious Profiles, like Malicious Profiles, grant hackers deep device access, but are also invisible to the user, in that they do not appear in the list of profiles for easy removal.

HTTP Request Hijacking was discovered a couple of years ago and, at the time, affected a huge number of mobile apps that used HTTP to communicate with their servers instead of HTTPS.

WiFiGate allows network-based attackers to set up a rogue Wi-Fi network that imitates one of many pre-defined network configurations pushed out by carriers.

Malicious iOS Profiles are not apps, but give potentially unlimited device access. When first disclosed, they exploded the myth that iOS users enjoyed nothing but peace and security.

LinkedOut is a classic example of a mobile app that collects too much information and, worse, sends the data to its servers for storage and potential viewing by others.

By working diligently to discover these vulnerabilities and others, and working with Apple and the Google Android team to fix them, Skycure Research Labs makes every mobile user and business more secure.

Unique and Proprietary Technology

Advanced research and patents propel Skycure to the leadership position

Active Honeypot
This patented approach to network security delivers unmatched protection against all types of network threats while preserving user privacy.

Anytime something changes on the device, Skycure sends realistic network traffic of all kinds (email, message, browser, etc.) and evaluates the response for even minute deviations from what is expected, and can determine exactly what type of attack or threat exists on that network.

Server Hack Confirmation
A very clever phase 2 defense following Active Honeypot activity to identify hacker source and destination.

Any adversary that later utilizes credentials stolen during Active Honeypot activity will immediately be identified as a hacker, and Skycure will be able to pinpoint not only the active exploit, but also the time and location of the original hack where the credentials were stolen.

Repackaged Apps
Repackaging apps is incredibly easy and makes zero-day exploits far more common and signature databases far less valuable.

Skycure’s unique crowd-sourced threat intelligence and analysis engines allow for rapid identification of repackaged apps, based on a wide variety of forensic data gathered across the globe. This is simply impossible to achieve for any solution that relies only on the data gathered from a single device or organization.

Selective Resource Protection (SRP)
Skycure is the only solution that proactively protects your most precious corporate resources, without shutting down productivity.

If a threat is detected, communications to pre-identified selected corporate resources are immediately cut off from the compromised device, so no sensitive data is even transmitted, eliminating the chance of exposure. Users still have full corporate access from other devices and non-critical communications on the compromised device.

Secure Connection Protection (SCP)
Functioning in cooperation with SRP, Skycure users are assured they can remain productive while protecting critical resources.

Simultaneously with the activation of SRP, SCP attempts to create a secure connection using the Skycure or 3rd party VPN. If successful, then SRP automatically deactivates and the user is fully productive and protected. If not, SRP remains active for the duration of the exposure to the threat.

Unsure about a recent SMS, MMS, or an app you have received?
Send it to Skycure Research Labs for a complete forensic analysis.