Ex-NSA Hackers and Ex-Apple Researchers Launch Startup to Protect Apple Devices | TechCrunch

Two veteran security experts are launching a startup designed to help other cybersecurity product makers improve their ability to protect Apple devices.

Their startup is called DoubleYou; the name comes from the initials of its co-founder Patrick Wardle, who worked at the US National Security Agency between 2006 and 2008. Wardle then worked as an offensive security researcher for years before turning to independent research at Apple on defensive security for macOS. Since 2015, Wardle has been developing free and open-source macOS security tools under the umbrella of his Objective-See Foundation, which also organizes the Apple-centric Objective By The Sea conference.

Its co-founder is Mikhail Sosonkin, who was also an offensive cybersecurity researcher for years before working at Apple between 2019 and 2021. Wardle, who described himself as “the mad scientist in the lab,” said Sosonkin was the “right partner” he needed to make his ideas a reality.

“Mike may not be exaggerating, but he is an incredible software engineer,” Wardle said.

The idea behind DoubleYou is that there are still few good security products for macOS and iPhones compared to Windows. And that’s a problem because Macs are becoming increasingly popular for businesses around the world, which means malicious hackers are increasingly targeting Apple computers too. Wardle and Sosonkin said there aren’t as many talented macOS and iOS security researchers, which means companies are struggling to develop their products.

Wardle and Sosonkin’s idea is to take a page from the playbook of hackers who specialize in attacking systems and apply it to defense. Several offensive cybersecurity companies offer modular products capable of delivering a full chain of exploits or just a component of them. The DoubleYou team wants to achieve exactly that – but with defensive means.

“For example, instead of building an entire product from scratch, we really took a step back and asked ourselves, ‘Hey, how are the offensive adversaries doing this?'” Wardle said in an interview with TechCrunch. “Can we basically adopt the same model of fundamentally democratizing security, but from a defensive standpoint, where we develop individual capabilities that we can then license and let other companies integrate into their security products?”

Wardle and Sosonkin believe they can.

And while the co-founders haven’t yet decided on the full list of modules they plan to offer, they said their product will certainly include a core offering that analyzes any new process in order to detect and block untrusted code (which on macOS means code that is not “notarized” by Apple), and that monitors and blocks anomalous DNS network traffic, which can reveal malware when it connects to domains known to be associated with hacking groups. Wardle said that, at least for now, these will be primarily for macOS.

The founders also want to develop tools to monitor software that tries to become persistent – a hallmark of malware – to detect cryptocurrency miners and ransomware based on their behavior, and to detect when software requests permission to use the webcam or the microphone.

Sosonkin described it as “an off-the-shelf catalog approach” where each customer can choose which components they want to incorporate into their product. Wardle described it as a type of auto parts supplier rather than a manufacturer of the entire car. This approach, Wardle added, is similar to the one he took in developing the various Objective-See tools such as OverSight, which monitors microphone and webcam usage, and KnockKnock, which monitors whether an app tries to become persistent.

“We don’t need to use new technology to make this work. What we need is to actually use the tools available and put them in the right place,” Sosonkin said.

Wardle and Sosonkin’s plan for now is not to accept outside investment. The co-founders said they wanted to remain independent and avoid some of the pitfalls associated with outside investment, namely the need to scale too much and too quickly, so they could focus on developing their technology.

“Maybe in a way we are like stupid idealists,” Sosonkin said. “We just want to catch some malware. I hope we can make some money from this.”
