Former NSA hacker and former Apple researcher launch startup to protect Apple devices
Two veteran security researchers are launching a startup that aims to help other cybersecurity product makers improve their efforts to protect Apple devices.
Their startup is called DoubleYou; the name comes from the initials of its co-founder, Patrick Wardle, who worked at the US National Security Agency from 2006 to 2008. Wardle then spent years as an offensive security researcher before moving to independent research on the defensive security of Apple’s macOS. Since 2015, Wardle has been developing free and open source macOS security tools under his Objective-See Foundation, which also hosts the Apple-centric Objective By The Sea conference.
His co-founder is Mikhail Sosonkin, who was also an offensive cybersecurity researcher for years before working at Apple from 2019 to 2021. Wardle, who described himself as a “mad scientist in the lab,” said Sosonkin was “the right partner” he needed to turn his ideas into reality.
“Mike may not be making waves, but he’s an amazing software engineer,” Wardle said.
The idea behind DoubleYou is that, compared to Windows, there are still only a handful of good security products for macOS and iPhones. This is a problem because Macs have become an increasingly popular choice for businesses worldwide, which means malicious hackers are increasingly targeting Apple computers too. Wardle and Sosonkin said there aren’t many talented macOS and iOS security researchers, which means companies are struggling to develop their products.
Wardle and Sosonkin’s idea is to take a page out of the playbook of hackers who focus on attacking systems and apply it to defense. Several offensive cybersecurity companies offer modular products, capable of delivering an entire exploit chain or only one element of it. The DoubleYou team wants to do just that, but with defensive tools.
“Instead of building an entire product from scratch, for example, we really took a step back and said, ‘hey, how do adversaries do this?’” Wardle said in an interview with TechCrunch. “Can we basically take the same model of basically democratizing security, but from a defensive standpoint where we develop individual capabilities that we can then license and have other companies integrate into their security products?”
Wardle and Sosonkin believe they can.
And while the co-founders have not yet finalized the full list of modules they want to offer, they said their product will certainly include a core offering that involves analyzing every newly launched process to detect and block untrusted code (which on macOS means code that is not “notarized” by Apple) and monitoring and blocking unusual DNS network traffic, which can detect malware when it connects to domains associated with hacking groups. Wardle said that, at least for now, they will focus primarily on macOS.
The founders also want to develop tools to monitor software that tries to become persistent, an indicator of malware; to detect cryptocurrency miners and ransomware based on their behavior; and to detect when software tries to gain access to the webcam and microphone.
Sosonkin described it as an “off-the-shelf, catalog-based approach” in which each customer can pick the components they want to use in their product. Wardle described it as being a supplier of car parts rather than a manufacturer of the whole car. This approach, Wardle added, is similar to the one he took when developing various Objective-See tools such as OverSight, which monitors microphone and webcam usage, and KnockKnock, which monitors whether an application wants to persist.
“We don’t have to use new technology to make it work. We need to actually take the tools that are available and put them in the right place,” Sosonkin said.
Wardle and Sosonkin’s plan doesn’t involve taking any outside investment for now. The co-founders said they want to remain independent and avoid some of the pitfalls of taking outside investment, namely having to scale too much and too quickly, so that they can focus on developing the technology.
“Maybe in some ways we are like stupid idealists,” Sosonkin said. “We just want to catch some malware. Hopefully we can make some money along the way.”