Two veteran security experts are launching a startup aimed at helping other cybersecurity product manufacturers improve their ability to protect Apple devices.
Their startup is called DoubleYou, and the name is taken from the initials of co-founder Patrick Wardle, who worked for the National Security Agency from 2006 to 2008. Wardle then worked for years as an offensive security researcher before transitioning to independent research on defensive security for Apple's macOS. Since 2015, Wardle has been developing free, open-source macOS security tools under the Objective-See Foundation, which also hosts the Apple-focused Objective By The Sea conference.
His co-founder is Mikhail Sosonkin, who was also an offensive cybersecurity researcher for years before working at Apple from 2019 to 2021. Wardle, who described himself as a “mad scientist in the lab,” said Sosonkin was “the right partner” he needed to make his ideas a reality.
“Mike may not overhype himself, but he's a great software engineer,” Wardle said.
The idea behind DoubleYou is that there are still fewer good security products for macOS and iPhone than for Windows. This is a problem because Macs are becoming a more popular choice for businesses around the world, which means malicious hackers are also increasingly targeting Apple computers. Wardle and Sosonkin said there aren't that many talented macOS and iOS security researchers, meaning companies are struggling to develop products.
Wardle and Sosonkin's idea is to take a page from the playbook of hackers who specialize in attacking systems and apply it to defense. Some offensive cybersecurity companies offer modular products that can provide a complete chain of exploits, or just one of its components. The DoubleYou team wants to do just that, but with defensive tools.
“Rather than, say, building an entire product from scratch, we really took a step back and thought, 'How would an attacker do this?'” Wardle said in an interview with TechCrunch. “You could essentially take the same model of democratizing security from a defensive perspective and develop individual capabilities, license them out, and have other companies integrate them into their security products. Do you want it?”
Wardle and Sosonkin believe it can be done.
And while the co-founders haven't decided on the complete list of modules they want to offer, they said their product will definitely include a core offering. This includes the ability to analyze all new processes to detect and block untrusted code (on macOS, this means code that is not “notarized” by Apple), and to monitor for and block abnormal DNS network traffic. This allows malware to be discovered if it connects to domains known to be associated with hacking groups. Wardle said these will primarily be for macOS, at least for now.
The founders would also like to develop tools to monitor software that tries to persist, which is characteristic of malware, to detect cryptocurrency miners and ransomware based on their behavior, and to detect when software attempts to obtain permission to use a webcam or microphone.
Sosonkin described this as a “ready-made catalog approach,” allowing all customers to choose the components they want implemented into their products. Wardle explained that the company is more of a supplier of auto parts than a manufacturer of entire vehicles. Wardle added that this approach is similar to the one he has taken in developing various Objective-See tools, such as Oversight, which monitors microphone and webcam usage, and KnockKnock, which monitors whether an app persists.
“We don't need to use new technology to make this work. What we need to do is actually take the tools that are available and put them in the right places,” Sosonkin said.
Wardle and Sosonkin's plan is not to take any outside investment for now. The co-founders said they want to maintain their independence and avoid some of the pitfalls of getting outside investment, namely the need to get too big or too fast, and focus on developing their technology.
“In some ways, we're like foolish idealists,” Sosonkin says. “We just want to catch malware. We hope to make some money in the process.”