Former NSA hacker and ex-Apple researcher launch startup to protect Apple devices – TechCrunch


Image credits: Patrick Wardle

Two veteran security experts are launching a startup that aims to help other cybersecurity product makers improve their level of protection for Apple devices.

Their startup is called DoubleYou, the name taken from the initial of its co-founder, Patrick Wardle, who worked at the United States National Security Agency between 2006 and 2008. Wardle then worked as an offensive security researcher for years before moving on to independent research on Apple macOS defensive security. Since 2015, Wardle has developed free and open source macOS security tools under the umbrella of his Objective-See Foundation, which also organizes the Apple-focused Objective by the Sea conference.

The other co-founder is Mikhail Sosonkin, who was also an offensive cybersecurity researcher for years before working at Apple between 2019 and 2021. Wardle, who described himself as “the mad scientist in the lab,” said Sosonkin was the “right partner” he needed to realize his ideas.

“Mike may not brag, but he’s an incredible software engineer,” Wardle said.

The idea behind DoubleYou is that compared to Windows, there are still only a few good security products for macOS and iPhone. And that’s a problem because Macs are becoming an increasingly popular choice for businesses around the world, which means malicious hackers are increasingly targeting Apple computers as well. Wardle and Sosonkin said there aren’t as many talented macOS and iOS security researchers, which means companies are struggling to develop their products.

Wardle and Sosonkin’s idea is to take the playbook hackers use to attack systems and apply it to defense. Several offensive cybersecurity companies offer modular products, capable of delivering a complete exploit chain or just one component of it. The DoubleYou team wants to do the same, but with defensive tools.

“Instead of building, like, a complete product from scratch, we really took a step back and asked ourselves, ‘Hey, how do offensive adversaries do this?’” Wardle said in an interview with TechCrunch. “Can we basically adopt the same model of democratizing security, but from a defensive perspective, where we develop individual capabilities that we can then license and integrate to other companies into their security products?”

Wardle and Sosonkin think they can.

And while the co-founders haven’t decided on the full list of modules they want to offer, they said their product will definitely include a core offering: analyzing every new process to detect and block untrusted code (which on macOS means code that is not “notarized” by Apple), and monitoring and blocking anomalous DNS traffic, which can uncover malware when it connects to domains known to be associated with hacking groups. Wardle said these, at least for now, will be primarily for macOS.
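As an illustration of the first module described above (an added example, not DoubleYou's or Objective-See's code), the snippet below classifies a macOS binary as trusted or untrusted from the Gatekeeper verdict that Apple's `spctl --assess` tool prints; the output format and the set of "trusted" sources are assumptions based on what `spctl` reports on current macOS, and the sample outputs are constructed.

```python
"""Classify a macOS binary's notarization status from `spctl --assess` output."""
import subprocess
import sys
from dataclasses import dataclass

# Provenance values spctl reports for code Apple has signed, distributed or
# notarized (assumed list; anything else is treated as untrusted).
TRUSTED_SOURCES = {"Apple System", "Mac App Store", "Notarized Developer ID"}


@dataclass
class Assessment:
    path: str
    accepted: bool
    source: str

    @property
    def trusted(self) -> bool:
        # Trusted only if Gatekeeper accepted the code AND its provenance is one
        # Apple vouched for; an unnotarized Developer ID or unsigned binary fails.
        return self.accepted and self.source in TRUSTED_SOURCES


def parse_spctl(output: str) -> Assessment:
    """Parse the verdict line ("<path>: accepted|rejected") and "source=" line."""
    lines = [ln.strip() for ln in output.strip().splitlines() if ln.strip()]
    path, _, status = lines[0].rpartition(": ")
    source = "unknown"
    for ln in lines[1:]:
        if ln.startswith("source="):
            source = ln.split("=", 1)[1]
    return Assessment(path=path, accepted=status.startswith("accepted"), source=source)


def assess_binary(path: str) -> Assessment:
    """Run spctl for a newly observed executable (macOS only)."""
    if sys.platform != "darwin":
        raise RuntimeError("spctl is only available on macOS")
    proc = subprocess.run(["spctl", "--assess", "--type", "execute", "--verbose", path],
                          capture_output=True, text=True, check=False)
    # spctl prints the verdict on stderr (assumed); stdout is appended just in case.
    return parse_spctl(proc.stderr + proc.stdout)


# Constructed sample outputs, not captured from a real machine.
SAMPLE_NOTARIZED = ("/Applications/Good.app: accepted\nsource=Notarized Developer ID\n"
                    "origin=Developer ID Application: Example Corp (TEAMID)\n")
SAMPLE_UNNOTARIZED = "/tmp/dropper: rejected\nsource=Unnotarized Developer ID\n"
SAMPLE_UNSIGNED = "/tmp/unsigned: rejected\nsource=no usable signature\n"
```

A process-monitoring module would call `assess_binary` on each new executable path and block (or alert on) anything whose assessment is not trusted.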

Additionally, the founders want to develop tools to monitor software that tries to become persistent, a hallmark of malware; to detect cryptocurrency miners and ransomware based on their behavior; and to detect when software is trying to obtain permission to use the webcam and microphone.

Sosonkin described it as “an out-of-the-box catalog approach,” where each customer can choose which components they should implement in their product. Wardle described it as being a supplier of auto parts, rather than the manufacturer of the entire car. This approach, Wardle added, is similar to the one he took when developing the various Objective-See tools such as OverSight, which monitors microphone and webcam usage, and KnockKnock, which monitors whether an application wants to become persistent.

“We don’t need to use new technology to make this work. What we need is to use the tools available and put them in the right place,” Sosonkin said.

Wardle and Sosonkin’s plan, for now, is to take no outside investment. The co-founders said they want to remain independent and avoid some of the pitfalls of outside investment, namely the pressure to scale too much and too quickly, which they said lets them focus on developing their technology.

“Maybe in some ways we’re a bit like foolish idealists,” Sosonkin said. “We just want to detect some malware. Hopefully we can make some money from the process.”
