Ex-NSA hacker and ex-Apple researcher launch startup to protect Apple devices

Lorenzo Franceschi-Bicchierai
Updated ·4 min read

Two veteran security experts are launching a startup that aims to help other makers of cybersecurity products to up their game in protecting Apple devices.

Their startup is called DoubleYou, the name taken from the initials of its co-founder, Patrick Wardle, who worked at the U.S. National Security Agency between 2006 and 2008. Wardle then worked as an offensive security researcher for years before switching to independently researching Apple macOS defensive security. Since 2015, Wardle has developed free and open source macOS security tools under the umbrella of his Objective-See Foundation, which also organizes the Apple-centric Objective by the Sea conference.

His co-founder is Mikhail Sosonkin, who was also an offensive cybersecurity researcher for years before working at Apple between 2019 and 2021. Wardle, who described himself as “the mad scientist in the lab,” said Sosonkin is the "right partner" he needed to make his ideas reality.

“Mike might not hype himself up, but he is an incredible software engineer,” Wardle said.

The idea behind DoubleYou is that, compared to Windows, there still are only a few good security products for macOS and iPhones. And that’s a problem because Macs are becoming a more popular choice for companies all over the world, meaning malicious hackers are also increasingly targeting Apple computers. Wardle and Sosonkin said there aren’t as many talented macOS and iOS security researchers, which means companies are struggling to develop their products.

Wardle and Sosonkin’s idea is to take a page out of the playbook of hackers that specialize in attacking systems, and applying it to defense. Several offensive cybersecurity companies offer modular products, capable of delivering a full chain of exploits, or just one component of it. The DoubleYou team wants to do just that — but with defensive tools.

“Instead of building, for example, a whole product from scratch, we really took a step back, and we said ‘hey, how do the offensive adversaries do this?’,” Wardle said in an interview with TechCrunch. “Can we basically take that same model of essentially democratizing security but from a defensive point of view, where we develop individual capabilities that then we can license out and have other companies integrate into their security products?”

Wardle and Sosonkin believe that they can.

And while the co-founders haven’t decided on the full list of modules they want to offer, they said their product will certainly include a core offering, which includes analyzing all new processes to detect and block untrusted code (which in MacOS means they are not “notarized” by Apple), and monitoring for and blocking anomalous DNS network traffic, which can uncover malware when it connects to domains known to be associated to hacking groups. Wardle said that these, at least for now, will be primarily for macOS.

Also, the founders want to develop tools to monitor software that wants to become persistent — a hallmark of malware, to detect cryptocurrency miners and ransomware based on their behavior, and to detect when software tries to get permission to use the webcam and microphone.

Sosonkin described it as “an off-the-shelf catalog approach,” where every customer can pick and choose which components they need to implement in their product. Wardle described it as being like a supplier of car parts, rather than the maker of the whole car. This approach, Wardle added, is similar to the one he took in developing the various Objective-See tools such as OverSight, which monitors microphone and webcam usage, and KnockKnock, which monitors if an app wants to become persistent.

“We don't need to use new technology to make this work. What we need is to actually take the tools available and put them in the right place,” Sosonkin said.

Wardle and Sosonkin’s plan, for now, is not to take any outside investment. The co-founders said they want to remain independent and avoid some of the pitfalls of getting outside investment, namely the need to scale too much and too fast, which will allow them to focus on developing their technology.

“Maybe in a way, we are kind of like foolish idealists,” Sosonkin said. “We just want to catch some malware. I hope we can make some money in the process.”