Two veteran security experts are launching a startup that aims to help other cybersecurity product makers up their game in protecting Apple devices.
Their startup is called DoubleYou, a name derived from the initial of its co-founder, Patrick Wardle, who worked at the US National Security Agency between 2006 and 2008. Wardle then spent years as an offensive security researcher before moving into independent defensive security research on Apple's macOS. Since 2015, Wardle has been developing free and open source macOS security tools under his Objective-See Foundation, which also organizes the Apple-centric Objective By The Sea conference.
The other co-founder is Mikhail Sosonkin, who was also an offensive security researcher for years before joining Apple, where he worked between 2019 and 2021. Wardle, who described himself as “the mad scientist in the lab,” said Sosonkin is the “right partner” he needed to make his ideas a reality.
“Mike may not advertise himself, but he’s an incredible software engineer,” Wardle said.
The idea behind DoubleYou is that, compared to Windows, there are still only a few good security products for macOS and the iPhone. That is a problem because Macs are becoming a more popular choice for companies around the world, which means malicious hackers are increasingly targeting Apple computers too. Wardle and Sosonkin said there are not many talented macOS and iOS security researchers, so companies struggle to develop their products.
Wardle and Sosonkin’s idea is to take a page from the playbook of hackers who specialize in attacking systems and apply it to defense. Several offensive security companies offer modular products, capable of delivering a full chain of exploits or just one component of it. The DoubleYou team wants to do the same thing, but with defensive tools.
“Instead of building, say, an entire product from scratch, we really took a step back and said, ‘oh, how do aggressive adversaries do this?’” Wardle said in an interview with TechCrunch. “Can we basically take the same model of essentially democratizing security, but from a defense perspective, where we develop individual capabilities that we can then license to other companies and integrate into their security products?”
Wardle and Sosonkin think they can.
And while the co-founders have not decided on the full list of modules they want to offer, they said their product will definitely include a core offering: analyzing every new process to detect and block untrusted code (which on macOS means code not “notarized” by Apple), and monitoring and blocking anomalous DNS traffic, which can reveal malware when it connects to domains known to be associated with hacking groups. Wardle said that these, at least for now, will be mostly for macOS.
The founders also want to develop tools to monitor software that tries to persist on a machine, a hallmark of malware; to detect cryptocurrency miners and ransomware based on their behavior; and to detect when software tries to get permission to use the webcam and the microphone.
Sosonkin described it as “an off-the-shelf catalog approach,” where each customer can pick and choose which parts they need to apply to their product. Wardle described it as a supplier of car parts, rather than a manufacturer of the whole car. This approach, Wardle added, is similar to the one he took when developing the various Objective-See tools, such as OverSight, which tracks microphone and webcam usage, and KnockKnock, which monitors whether an application is trying to become persistent.
“We don’t need to use new technology to make this work. What we need is to really take the tools available and put them in the right place,” Sosonkin said.
Wardle and Sosonkin’s plan, for now, is not to take any outside investment. The co-founders said they want to remain independent and avoid some of the pitfalls of outside investment, namely the pressure to scale too much and too quickly, which they say will let them focus on developing their technology.
“Maybe in a way we’re like foolish idealists,” Sosonkin said. “We just want to catch some malware. I hope we can make some money in the process.”