From Building The Worlds Most Powerful Malware To Building The Worlds Most Secure Phone Artwork

Security Unfiltered

Cyber Security can be a difficult field to not only understand but to also navigate. Joe South is here to help with over a decade of experience across several domains of security. With this podcast I hope to help more people get into IT and Cyber Security as well as discussing modern day Cyber Security topics you may find in the daily news. Come join us as we learn and grow together!

All Episodes

Security Unfiltered

From Building The Worlds Most Powerful Malware To Building The Worlds Most Secure Phone

October 21, 2024 • Joe South • Episode 173

Send us a text

A cybersecurity journey like no other awaits as we welcome a guest with a formidable background, shaped by their experiences in the Israeli military's elite 8200th unit. This exceptional career path led them from the rigors of military service to the academic halls of the Technion—Israel's very own MIT. We uncover how their military training instilled a unique blend of independence and early responsibility, setting the stage for their significant contributions to the tech world. The conversation flows seamlessly from past to present, as personal anecdotes bring a tangible sense of nostalgia, highlighting the timeless aspects of technology amidst its relentless evolution.

Our discussion takes a thrilling entrepreneurial turn as our guest shares their pioneering efforts in the realm of secure communication. From mobile graphics to R&D management, they recount their journey toward founding a company dedicated to privacy-focused smartphone solutions. The narrative of "Unplugged" unfolds—a venture born out of the pressing demand for secure, private devices. With the rise in privacy awareness and improved supply chain accessibility, our guest reveals how these factors have democratized innovation, allowing even small companies to make a mark in the hardware space.

The intricacies of mobile security and data privacy are laid bare as we compare Android and iPhone architectures. Our guest captivates us with their firsthand experience in a cybersecurity course, where Apple's preemptive patching contrasted sharply with a swift Android exploit. This conversation extends to the broader issues of data privacy, exploring how major tech companies manage user data and the monetization behind it. As we ponder the future of privacy and security in the digital age, our guest's insights illuminate the path forward, underscoring the multifaceted challenges and opportunities that lie ahead.

Support the show

Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today

Speaker 1: 0:54

how's it going around? It's, uh, it's great to get you on the podcast. You know, we kind of put this together I guess, for my standards, right for scheduling a guest. We put it together like last minute, even though it was like two months ago, yeah, at this point. But like at this point in time, like with the podcast, it's interesting, right, because I always want to get people on like as quickly as possible. But then I I look at my backlog and I'm like, well, shit, like their, their episode wouldn't even go live for six months. So it's like, okay, we got to push this out. You know a bit like make it more reasonable and whatnot. But yeah, it's a real, it's a real pleasure and honor to have you on the podcast today.

Speaker 2: 1:32

Thank you. It's very nice to be here, nice to, to, to have the opportunity, uh, to present me and the company and be in this podcast.

Speaker 1: 1:44

Thank you, yeah, yeah, absolutely. You know, for, for those, for those not very familiar with the podcast, right, and how we kind of structure it, you know, I, I get guests pitched to me every single day, right, every single day someone new is pitching me. This time, right, I actually pitched you to come on the show, and when I do that, I don't do it very often, but when I do that, you know, it's because you do something really interesting. You've created something really interesting that I believe in personally, right. So I start everyone off with kind of giving their background. What made you want to get into cybersecurity? What made you get into IT? Was there a point in time where you know, when you're looking back, you're like, oh, that experience with my dad or my older brother, whatever it might be, with this computer kind of opened my eyes to the world of technology. You know, what would that be for you?

Speaker 2: 2:34

So I think everything started, you know, in the military service. I served in the Israeli military, in the IDF. I was in the 8200th unit, if you're familiar with it, which is the technology intelligence unit. That's where everything started for me. Then I went to the Technion to have my degree, which is equivalent to MIT, to do the comparison, and so that's where everything started for me. Wow, yes.

Speaker 1: 3:11

So was there any interesting projects or things that you could, you know, kind of discuss a little bit like in loose details, right? That you did when you were, you know, in the IDF group. I've had a lot of you guys on and it's always interesting to just hear the specialties and like how broad the specialties are right, Because Israel is known for having top-tier cybersecurity talent within the military component and whatnot. It's always fascinating to me.

Speaker 2: 3:47

Yeah, so first, we're talking about over 25 years ago, so it's a long time ago. But in the IDF regardless by the way, which guns, by the way which you are you are there to be independent. So you are starting to getting mature much faster than I think anywhere else, because you get a lot of responsibilities again, whether you're in the field with guns or whether in the back office with the technology. So I think that's a great advantage for Israeli, even though it's a mandatory service for everyone. But it also gives you life experience very early. So I think and it's well discussed in many places about why Israel is a startup nation, so a big part of it is the idea. So the idea. I cannot really talk about what I did there, but you can understand that we're talking about cyber projects that get your experience. Again, we're talking about almost 25 years ago. It only changes all the time, but, uh, um, the same thing that you know. Give me a really, really big push, uh, in this field yeah, it's fascinating.

Speaker 1: 5:12

You know, man, I, I was, I was with a friend over this weekend, right, and uh, they, they had their like seven or eight year old there we were watching a football game and you know, we we brought up like, oh, that was 20 years ago, right, and it kind of felt like, kind of felt like yesterday. Honestly, like I, I remember I remember that time frame like very well, it was a lot of fun for me and you know, we were talking about it. You know it was like in 2005, right, we were talking about like this thing that happened 20 years ago and their kid was like wait a minute, that's 20 years ago. And we're like, wait, what, what don't say that. And then, two, you know that that's like crazy, that we're like, you know, thinking about this memory, right, that we experienced 20 years ago and it's still so fresh in our minds and whatnot.

Speaker 1: 6:03

Yeah, it's interesting how that kind of could translate, you know, potentially to like technology, right, because, like the things 20 years ago, you typically think that those are, like, you know, dead pieces of malware, right, or dead pieces of technology just overall, but some of that stuff, some of that stuff, surprisingly, is still around, right. I mean, is that true? Maybe I'm wrong. Maybe they tweak it so much that it's no longer the same thing. What's your opinion on that?

Speaker 2: 6:36

So that really depends. You know what kind of technology I mean. You see today that you know technology evolved really fast on one end or the other and some things are still traditional. So that really depends. You know, talking about maybe traditional areas where technology you know improves a little bit slower, especially in the military, medical stuff like that, more conservative domains, I think they are getting even faster today. So everything gets really fast.

Speaker 1: 7:17

Yeah, yeah, that's very true. I mean, like today, you know, for instance, we have the Apple event, right, and, like you know, I'm sure that new chip is going to be 10 times, 15 times faster than the one I have in my laptop right now, which was like their first gen Apple Silicon. You know, yeah, it's fascinating even to see. You know, I'm on the technical side of it, right, so it's fascinating when I see, like these software, you know, manufacturers, or even hardware manufacturers, and they have, you know, the capability to still have that old piece of software running on their machine, it like intrigues me a little bit. It's like, man, like how did they think this through to have, like these, you know, these plugins by default and these languages and what not, like pulled in libraries and whatnot. It's, it's fascinating, right, but we don't have to go down that rabbit hole, right, like we'll, we'll talk about that forever.

Speaker 1: 8:13

When you were, when you were getting out of the IDF, you was that like, did you have trouble finding your next thing? And I ask that because, in America, when I talk to these guys from the NSA and from the CIA and whatnot, they can't talk about what they did for like five to seven years right. So they have to like fabricate their experience, they have to fabricate their history right and hopefully find a job and if they make it past like that seven year mark, you know like they're able to like kind of open the door into like oh yeah, I was a spy, or oh yeah, I hacked, you know, for the NSA and things like that. Is that the same kind of, I guess, mentality in Israel, or is it different?

Speaker 2: 9:01

So back these days it was very clear for me that you know, after I finished the military service, I go to the tech union to get my degree. I think that it's a little bit different today, because it's getting really hard to get to those units today and if you're good at what you are doing, you don't need to have any degree. You can just find a job and since companies in Israel are full of employees that went out from these units, you can discuss a little bit about what you did and you can go directly from the military service to work without even having a rebound. You know, 25 years ago this, I'm not having it again. I think that for me, gave me a more mature academic background for what I'm doing today.

Speaker 2: 9:55

And I think you know there's an increasing demand for software engineering all over the world, especially in Israel. You can see, even I know, that big companies, even Google, facebook, apple that have big offices in Israel, they have a list of many open jobs for a long time. So it's not about software engineers today and this is why you know employees, many of them are jumping directly from the IDF. They can't enforce to direct employment with those giant or other sort of means. So that's the difference. It's getting a little bit different than it used to be huh, yeah, that is.

Speaker 1: 10:43

I mean I'm sure that, like all of those big tech companies, would you know, market their services, their opportunities in Israel. Just it being such a such a plethora, right of good experience, right, high skill sets and, like you said, like the 8200 group, it's becoming more and more difficult to get into it. Right, like that is maybe the most elusive thing. Right, like the same thing in the States here. Right, like with the NSAsa, the cia, like if you say that you were a hacker for the nsa, I mean people will, will fire their entire red team for you. Like they'll, literally, they'll just give you whatever you want. It's like, oh yeah, I don't like working with this guy. Okay, he's fired by the end of the day. What else?

Speaker 2: 11:36

Again, the industry in Israel is not only subsidiary of Ford. There's a big variety of software companies, especially software companies, also other companies in Israel. It's important, yet not the biggest domain in Israel.

Speaker 1: 11:56

So why do you think that that is right you kind of touched on it a little bit before where, when you're in the military or in that group, you get the opportunity to kind of decide your own work right mentality, where you're able to identify a gap right that that you may have with the current tool set or whatever that it might be that you're using right, and so then you start creating something from scratch. And it's that experience that kind of builds upon itself, because you have to view things from like a very much a reverse engineering mindset, right. I'll give you an example. I have a good friend of mine that was a cyber warfare officer for the Navy, right, he doesn't talk about it publicly or anything like that. But I asked him like, finally it took me like weeks to get out of him what he actually did, you know and he said, yeah, like I created the proprietary sim and edr solution for the navy.

Speaker 1: 13:02

And I said what do you mean by create? Like there's crowd strike out there, like why would you create something that's already been created? Right, like it doesn't make sense to me. And he, he literally explained it like yeah, they give you no budget and they give you a task create this thing, and if you don't, you're going to be off the team, like that's plain and simple, right. And so this guy you know we're evaluating like a CSPM solution, and he's, he's sitting here in the background, he's like I could create it for you know this amount of money and this, and that, hey man, we're not in the military anymore Like we're. We're not in the military anymore Like we're. We're. We're buying a solution. We're not creating, you know, some like brand new solution that only you know about opens us up to a lot of risk. Is it? Is it that mentality of like reverse engineering that you know, you think like pays dividends in other areas of technology and whatnot?

Speaker 2: 13:52

So let's say it's 200 units so, for example. So if you try to compare it to a standard company, the way they are working, so we have commanders that you can compare it to your boss, so it's very similar. It's more civilian than other units in the military. On some domains, you need to be very creative. On some domains, you need to be very creative. On the others, you have long-term projects that you're working on. It can be a few years, with many people working on them, and you have a very clear schedule of what you're going to do. So it really depends on what you're doing. Again, this is the biggest thing with the idea. So that really depends on what you are expected to do. You can be either creative or the project. Either way it's very interesting.

Speaker 1: 14:47

Yeah, yeah, absolutely. So when you got out of your school right, the MIT of Israel and whatnot where'd you go from there? Where'd you find yourself?

Speaker 2: 14:58

So I worked for the Tech Union. I was like one of the professors in computer and graphics actually. So I think I was one of the first professors in the world that touched programmable GPUs, and we did it for research. And then I started my first job in this domain. I worked here for two years. I joined a startup right after the founders raised money. My first job was an R&D manager of a very small startup that did very sophisticated things with computer graphics on mobile phones.

Speaker 2: 15:44

Back these days it was, I think, six, seven, something like that no iPhones, no Android phones. Iphone was not launched yet. We worked on similar devices. You mentioned it before. Like an ancient history. It was only, I mean, 16 years ago, something like that. 30 years ago we didn't have any iPhones or Android devices. So I worked then and then, with a friend of mine, we had an idea. Smartphones sort of became a thing, and if you remember smartphones for example, symbian, if you remember by Nokia they were very complicated for users. I mean, if you want to set up your email, if you were not tech savvy you couldn't do it and smart home started to become more and more popular. Again, that's only the beginning of iPhones and Android and we had an idea that those users needed some help from the support center. So why wouldn't we give them some help or the call center help by remote controlling those smartphones? So the customer is calling the call center and the agent is able to remote control his smartphone and do the job for it. So we did that. We founded our own company and raised money and went to some of the call centers in the world in Israel, in India. We also had a pilot with AT&T in USA and I was in this company until three years ago.

Speaker 2: 17:40

But this company did some pivot during that time. So it started to offer some management solutions for enterprises like MDMs and eventually this company completely pivoted. What the company is doing and did a secure operating system for enterprises. But the focus was about, I would say, connecting devices and equipment that needs secure communication. I'll give you an example. So let's say you have a pacemaker and you get you know in the operating room. This pacemaker is coming with a smartphone today. So the pacemaker is implanted and it is connecting via the smartphone to the manufacturer facilities. So originally those manufacturers they used off-the-shelf devices like Samsung. There are some that are still using.

Speaker 2: 18:51

The idea was to curate the devices. That is dedicated for this mission. So we need to be secure, we need to be managed in a way that you know we have a fleet of devices, so we need to be secure. We need to be managed in a way that you know we have a fleet of devices and you need to have, like, a long-lived supply chain, because you know consumer devices, they're manufactured and then after a year, you know, no one is manufacturing them In the medical industry, thinking about pacemakers and insulin injectors. They're long-lived and they, you know, proceed to approve them via the FDA. So this is what this company is doing. It's actually still doing it today With AT&T, by the way, for some of their end customers, but for me it was, you know, after so many years there.

Speaker 2: 19:35

And then we had the idea, you know, we want to make a real private, secure phone for the end users, not for enterprises or governments, which is what we did in my previous company, and I think the focus is not only privacy and security but also making everything convenient, because what we discovered, you know, in my old company, is that when you know, you know users were interested in a product, but you need to be very have very technical understanding of how to operate a device that doesn't have the convenience of a normal smartphone. And then we decided to found Unplugged. So Unplugged was like a certain evolution of what I did before. I gained all my experience with both hardware and software from my old company and, besides that, I know there were a few attempts to do such a smartphone experience with both hardware and software from my old company, and we decided to do. You know, I know there were a few attempts to do such a smartphone and we tried to analyze, you know what, why those companies didn't make it. I mean, there's clearly a demand for some products, but they were not very successful. So when we tried to analyze and understand you know, do we need to found this company?

Speaker 2: 20:59

We understand that several things were changed in the last few years. The first thing is that privacy matters for many users much more than before, because they are realizing how their data is collected, shared, monetized, and there's a lot of awareness for such products. Another thing is that, unlike five, six, seven or ten years ago, for a small company it was nearly impossible to create a good hardware because the supply chain was very different. All the big manufacturers controlled the hardware. They had access to the high-end hardware which small companies cannot even finance. But today small companies can build their own smartphone from scratch. I mean, you still need some funds to do it, but it is possible. And if you notice today you know if you have your latest iPhone or Samsung device, you want to convert to the new version of the hardware. There's not much of a difference between every year.

Speaker 1: 22:17

Yeah.

Speaker 2: 22:18

I mean like almost nothing, yeah, version of Diablo.

Speaker 1: 22:20

There's not much of a difference between every year.

Speaker 2: 22:21

Yeah, I mean like almost nothing. Yeah, it's more on paper than simply you can notice. I mean the software is almost everything. So, yes, you can maybe get a slightly better camera or a faster CPU that no one will notice, except if you're a hard gamer or trying to do something that you don't need to do on your smartphone from a CPU perspective. So that gives the opportunity to do it.

Speaker 2: 22:43

But the third reason I think that all previous attempts were failing is because the user experience was not good. And basically, creating a privacy phone means that you must not have Google on your device. It's a difficult device and that is very inconvenient. Yes, so even for those users that want to understand the importance of privacy, having such a phone is very inconvenient and if you see the pure extent, it's not a usable device. So we realized that our mission is to create not only a privacy in a private and secure phone, it's to create a convenient somewhere that no other user can use.

Speaker 2: 23:33

During this path we also realized you know it was obvious for us that the USA market is the biggest market for such devices. We're going to launch it on international territories later. We realized that you know we need to do something really good here. So in USA what you see is that you know most users are most customer consumers are buying their phones from carriers and even that transition from buying a device from carrier to the open market is a challenge in USA. You know everyone in the world not everyone else, but most places in the world take Europe, for example you can see a big part of the market is buying from the open market. I mean not from the carry. We just realized that you know many consumers don't even know what a SIM card is. So realizing that that's a big challenge for us and this is what we're trying to achieve creating a convenient phone, secured phone, private phone and focusing on the support and doing the transition.

Speaker 1: 24:49

So let's talk about that a little bit. Right, let's dive into this. You know, when I was getting my master's in cybersecurity and one of the courses was mobile security, right, and we were really comparing, I was getting my master's in cybersecurity and one of the courses was mobile security, right, and we were really comparing the architecture of Android to iPhones and this was back in 2018, you know. So I'm sure it has changed some at this point. Probably, honestly, it's probably more on the Android side than the iPhone side, right, because iPhone focused more specifically on, like, supply chain security to some extent, right, having their own chips in it and whatnot. But a part of this course was to actually, you know, find a vulnerability. It could be already known, could be whatever. It is right, find a vulnerability, exploit it on the device of your choosing, and so I wanted to make this a little bit difficult, right, I want to make it a little bit challenging and I wanted to find a vulnerability, you know, with Bluetooth on an iPhone. Right, found the vulnerability, tried to exploit it. I spent 36 hours trying to exploit it, something that was never going to work because, basically, apple did a silent security update, literally two weeks before I started trying this thing, and it was literally for this Bluetooth exploit. I go and I attempted on Android. Within you know, maybe 15, 20 minutes, I have root on the device and I'm able to control everything about the device, right, like that was. That was a huge difference to me. That was a huge eye opening. You know, kind of event, right, maybe, and I'm a terrible hacker, I mean, like, I don't even claim to be a hacker, like you know, if anyone were to approach me at, like, def CON or something like that, right, like I am not doing capture the flag events or anything like that, like you know, I'll go watch, right, but I, I'm not, I'm not over here trying to hack stuff. But that that experience, though, even knowing, you know, having that self-awareness, like hey, I'm not good at this, this isn't like my forte in security for it to be that easy with android it kind of swayed me more heavily even towards iphone. And the reason why I went from Android to iPhone, you know, probably 10 years before that, right, what was?

Speaker 1: 27:02

Because of the ease of use, right, I had a very bad experience with Android. I was downloading things from the Google Play Store that had malware on it. It had millions of downloads, right, like the Facebook app. You know, the Facebook app had millions of downloads, or whatever it was when I had an Android. I'm downloading the Facebook app. You know, the Facebook app had millions of downloads, or whatever it was, when I had an Android.

Speaker 1: 27:18

I'm downloading the Facebook app and it has malware in it, right, and this malware is like impacting my device pretty significantly, like the performance is insanely decreased. You know everything about it, right, and so I, with that experience and I even talked to like Android support at the time and said how the hell is this happening? This has happened three times to me. I'm literally going to your own Play Store and downloading it this is even before me getting into cybersecurity and they're saying well, you're downloading it. It has malware in it, yeah, and there's no way to tell, and I'm sitting here, like Google, it's your Play Store. You don't have a way of telling if it has malware in it.

Speaker 2: 28:03

So you touched so many interesting points. I try to remember what you were talking about, but let's start with that. So you're talking about maybe 10 years ago, right? So back these days, apple was very close. You could not do much on the iPhone as a developer. On the other hand, google had everything open. I mean like almost everything, and that not only means from a developer perspective what you can do on the phone, all the APIs, but also in terms of the Google Play Store. You can upload an application to your store. No one will even verify that. No one will look at it on the app. They're not even automatic scanning of the apps. Permission usage was if you could use it, then you could upload it to the store.

Speaker 2: 29:01

Both Google and Apple did some changes. So Apple became a little bit more open. They gave the developers more options. On one hand, google started becoming more secure in their place let's talk about Android itself in a second. But today it's harder to upload an application to Google. There is some verification process for you as a developer for your app. They restricted a lot of things that you can do with your applications. Permissions were downgraded. I mean you cannot do anything that you want to do as you used to be and the whole operating system is becoming more secure, but again, we'll talk about it later.

Speaker 2: 29:48

So things are changing all the time and in the case of Google, they also have the problem of the large device variety. So you have so many devices out there, so many versions of the operating system, and they had to do some work in order to make sure that those that are out there can maintain all the security updates. And they did a good job there to be better and give the manufacturers better support in upgrading the operating system, making the upgrade easier for them. We see it's not by ourselves. So we launched our operating system based on Android 13. We are updating to Android 14 this year. The process is not very hard for us, even though we did many changes in the operating system based on Android system for more security and for our needs, and it looks much better Now, if we're talking about the Android operating system, android used to be very light back these days.

Speaker 2: 31:03

You know we are device manufacturers, so we are in charge of the operating system. I see the Android source. Actually, anyone can see the AOSP tree. We see the old BSP tree, including the drivers and everything and that is becoming a huge piece of code, and most of the changes are related to security, and more and more layers are added to prevent, to make the operating system more secure, what is exposed to other apps, for example, something that used to be very open, even a few years ago, now much more close Stuff like that. That permission mechanism was evolved. What person is giving to built-in applications on the phone? So Android has become like a huge monster and many code changes are made in the Android operating system to support this agenda.

Speaker 2: 32:11

Having said that, the more code you add, the more vulnerabilities that you can potentially enter the operating system. That actually brings a different topic, because we discussed about iOS versus Android. So iOS is a closed source and Android is not, and many vulnerabilities are discovered because it's an open source on one hand. On the other hand, apple closed source policy prevents someone from you know, take a look in the source code and find vulnerabilities. So I assume that potentially more vulnerabilities exist on Apple, even though probably they are much harder to be found.

Speaker 1: 32:48

That's interesting. Yeah, that is fascinating. You know, the last time I looked at like the device architecture of iPhone versus Android, right, just kind of an overarching architecture, you know, it seemed like the iPhone kind of protects the user from the user, right, like they have sandboxes for their apps, they have sandbox for their user space, they have it separated from the operating system, even, right, and there's very specific like keys that you have to use to unlock each of those components and whatnot. And you know, even, like if you were going to, you know, take it, take your iPhone right to an Apple dev and say, you know, open a terminal and troubleshoot this thing, like they would have to have a very specific key with a very specific you know cable that's plugged into it, probably within the geofence of you know Apple campus and whatnot, right, all of those things have to line up for them to be able to do that, which I mean, at least from my opinion, right, like I haven't seen it from your side, where potentially you're actually actively thinking of new ways to exploit devices. Right, because I mean, that's probably how you, you know, built unplugged to some extent, right, like it's like, well, what's what's available right now to exploit devices and what's coming in the future to exploit devices. I don't know it from that angle, but at least from my angle, it seems like, okay, iphone gets me, you know, 85, 90% of the way there in terms of security. So I'm going to go with that right. And then I heard about the unplugged device, which was very tempting to me. Right, because I don't know if you've listened to the podcast very much, but right before Russia invaded Ukraine, right On the podcast I was calling out Russia, right when everyone else was saying, oh, it's a war exercise or whatever it is.

Speaker 1: 34:45

You know, it's like, hey, they have tanks on the border for a reason, like they're not just amassing to amass and they're not doing this war exercise directly on the border for no reason. You know, I was actively calling them out and I do the same thing with China and whatnot. And it was interesting, literally the day that Russia invaded Ukraine, my podcast got blackholed or blacklisted in all of Russia, china, Iran, basically all enemies of America and Israel, they all just blacklisted my podcast immediately. Oh, it wasn't a substantial portion of my traffic, but it was enough for me to be like I used to get 15% from Russia and now I get nothing, you know. So it's like okay, you know so it's like okay, you know, that's. That's a substantial difference.

Speaker 1: 35:31

And very, I guess, very interestingly, right at the same time I started getting very, very odd attacks, you know, on my, on my PCs, on basically any PC that was at home, which was very interesting to me because I host a podcast. Right, like, what the hell am I going to do? How am I even, like seen as like a threat to the state of Russia or China or anything like that, like you're literally wasting resources, even if it's an automated script that you're running, you're wasting resources trying to like get at me, right. And so that's when I started to kind of go down this whole rabbit hole of how do I secure my devices? Right, like, how do I? I need to have a secure device that I can, that I can use if I need to, that I can ensure is forever secured and in my benefit.

Speaker 1: 36:21

And so that's how I kind of stumbled on the unplugged device. So I say all of that right to kind of pivot, almost right, and build a little bit of context around device. So I say all of that right to kind of pivot, almost right, and build a little bit of context around it. So, the devices that we're currently using iPhones and Androids do you think that their price would be even more significant than they are today if they were not selling our data? Yeah, which is yeah. You think it would be? How much more expensive do you think it would be? Like, what's the difference?

Speaker 2: 36:51

So I think we did some math and I think the rough number that Google's making on let's say, I don't know the Apple's number exactly, but I guess they're similar, maybe even more so we approximate I think you find some, some proof or evidence for it that they make about 150 to 200 every year from you just for holding a smartphone that you know manufactured by apple or google so they're making 150 just from me having the phone.

Speaker 1: 37:27

Yeah Right, that's kind of like the default, that's like the default usage of the phone, without really even like clicking on different ads and stuff. So this is not oh so are they building enough, yeah, okay.

Speaker 1: 37:42

So are they building in a fee when I Google a product, right, like well, let's say, like over the weekend I bought like a torque wrench for my car, right, when I Google torque wrenches, is Google getting a fee from Apple or Apple's getting a fee from Google? And then when I go to Amazon from that link in Google is like Apple getting another fee from Amazon Because I went to their link on their phone. Is that how convoluted it is.

Speaker 2: 38:12

First, I think Google is paying Apple for being a default search in their device.

Speaker 2: 38:16

It's one thing, but you should think about private data, not only about your searches, because the search can be done on a private phone, but let's think you know your location date. So location even not talking about your specific location, I mean your location as a collective data of locations that can be sold to data brokers for different purposes, so they can make money from it or use it for their own product, to build new products. So this is one thing. Let's see one of the challenges that we have. For example, we are the Google show, so we don't have the luxury of using Google network location services, which is a location service that is built from user data, from their Wi-Fi hotspots locations, for example. Think about anything that you're doing on the phone that is not related directly to what you're using, that everything can be used for Google or Apple products and that can leverage other skills. So, um, I mean the number of opportunities just being on your phone as a infrastructure software is, you know, infinite. That's it so okay.

Speaker 1: 39:43

So that is really fascinating and I think I have like two major questions from it right, hopefully I don't forget one of them From the perspective of Google getting device location right. So when I upgraded my iPhone, I upgraded a couple of years ago iPhone 14, I typically like upgrade every four to six years, you know, because kind of like what you said right, like there's not like a giant performance difference. I'm not going to notice it, I'm not going to feel it. It's kind of timed with when they stopped supporting the phone. It's like, okay, I guess I have to upgrade Right, cause I'm not that big of an idiot. You know to where I'm going to have like a super old phone and can't patch it. But when you upgraded to the recent probably you know ios right, it gave you the ability to it. It at least gives you the feel that you're limiting.

Speaker 1: 40:35

How much these apps can you know, gather on you right, google being a great example? I mean, I'm sure someone at google is going to be pissed off at me if they hear this right, right, but you know like when I got, I just remember, right in the search app, it like asked for my location information. Denied, it went into the Nest app Nest owned by Google and sorry about that. Nest requested my, my location information. Right, so I said yes to that because because obviously I want to run a more efficient home, you know I don't want a giant electricity bill. Nest does that thing. You know that deals directly with that. I wonder if they're then leveraging that permission of saying he allowed us for Nest so we're going to do the same thing for, you know, google search locations and whatnot, which would actually kind of make sense for what I experienced recently when I went to a.

Speaker 1: 41:32

So I live in a blue state here in America and I mean, like typically that's not even something that you like have to say or like mention or anything, but it's so divisive or divisive, you know, like now in the world it's like you have to build that context in.

Speaker 1: 41:47

So I live in a blue state and when I went to a red state, I was bombarded with like left material, right, left, centered, left, focused material. I'm completely bombarded with it to the point where, like I thought something was wrong with my phone, right, I thought something was wrong with my devices because it was so off the wall from what I'd normally search. It makes me like recalibrate, like well, how are they actually getting that info right? Like, are they just getting it from GPS information? Because, like that's such a loaded topic, it's such a loaded you know loaded thing to dive into In your opinion, in your own research, because you're basically the expert in the field. Is that what they're doing? Are they kind of leveraging that access in one area to be like, well, it's a Google company, we're going to do it over here too.

Speaker 2: 42:44

First, specifically for the Nest, I'm not sure I need to read their. You know terms and conditions, but you know, think about, let's say, you don't want to share your information, your location data, your inaccurate location, can still be accessed through several methods. For example, you know, if you know the Wi-Fi MAC address that you're connecting to, they can get to your almost exact location, I mean as an app developer, for example. So that may be or may not be blocked in a specific app, but certain apps can access it. But I think I have a good example and about maybe that you know, I think I have a good example about maybe that will give you some evidence about what those companies are trying to do and how apps developers or, let's say, those data brokers, are bypassing. So I want to talk about the Advertising ID. You know it was a few years ago. Everyone had it. It was Apple, google. Apple blocked it. You know, blocked the data from Facebook. Google even, you know, decided that. You know it would not be mandatory. You can even disable it. That should be enough to cut or to stop the efficiency of the add-in industry. So, add-in industry are you familiar with the add-in industry? Maybe I'll explain.

Speaker 2: 44:20

So the add-in industry is a cybersecurity hacking domain that allows a very effective, cost-effective, actually targeting, profiling and getting information about people. So the idea is that, let's say, I want to know your location. All I need to do is to do some advertisement campaign that targets your profile. I know your age or, I would say, approximate location I mean which city you are, what is your interest and then I send some advertisement data to contain your location and then I use this information that I gathered from this campaign to know your specific location, for example. Let's say, for example, I get like 1,000 hits that you know this campaign was. You know 1,000 people that this campaign hits in your city. I know where you're living. I know where you're working. I see only one person with those two locations. I know where you're living. I know where you're working. I see only one person with those two locations. I know it was you. They can trace back all your locations.

Speaker 2: 45:36

So, given that you don't have this head ID, this industry should now be blocked. But that's not the case because I can still profile you from other data on your device. So if I know, you're not even need to know. I need to get your device model, some other characteristics of your phone, a few that those ads can get, like mobile carrier and some other parameters. I can narrow down those parameters like 9, 10, 11 parameters and gather all of them together to give an ID, like a fake ID, to your device. So, even though Google and Apple are trying to blow up and give more secure products in, essentially you know there is some okay, because you know eventually it will not allow all the apps to the way they should. So the into the apps have access to the system, to the data on your phone. You're onto the application tool. So, yes, they're doing a lot in this area, but that is not enough, especially for those attackers that you know will find any way again, even without hacking your phone, to get information about.

Speaker 1: 47:05

That's really. It's interesting. You know, I feel like people always had the mentality it's maybe a legacy mentality, right when they have to, like, hack your actual device in order to, you know, gain information or track you or whatnot. It seems like they don't even have to hack your device anymore. They just have to pay a data broker to get whatever they want. Right, I mean like, and with I mean I I guess with, from what you were saying.

Speaker 1: 47:35

With iphones, with androids, you know, it's basically impossible to to block that stuff.

Speaker 1: 47:43

Right, because it's almost like apple gives you the illusion of privacy and I I mean please correct me if I'm wrong Right, but it seems like they do a bit of a better job than Google overall, right, if we're not, if we're not thinking of this, you know, data broker side of it, right, it seems like they do a good job overall of protecting their users from themselves, protecting their devices.

Speaker 1: 48:06

You know, ensuring privacy, to some extent, it seems like they do a good job of it, but you know, it's like it's difficult because it turns into a situation where one you know, I'm I'm a security person, I'm more aware of it than you know 98, 99% of the population. How in the world is you know someone of the population? How in the world is you know someone like my parents, you know, in their, in their 50s, 60s, right, they're never going to know the difference, they're never going to think about that or anything like that, and so you need a device that's doing it, you know, automatically. Because if, like you said, if apple were to actually make that change on their device, like 95, 99 of the apps on their device wouldn't even work, apple would have to go into the business of recreating all these apps you know themselves to make it work on their device yeah, actually it's.

Speaker 2: 49:00

it's opposed to their business model. It's just opposed to the business model and you, you know, we created in the app phone. One of the biggest things that we put on the phone is a firewall that blocks trackers and ads, not only in the web browser, also in the apps. So, you know, trackers most of the apps have trackers. Some of them are, you know, legit, like from the developers to collect some data about the usage of the app. Some are for just selling the data and, by the way, our new antivirus version that we're going to release later this month will show this information for use. You can install it also on regular inverse phones.

Speaker 2: 49:51

This information, by the way, is public. I mean, most of the users do not know how to access it. They do not know that they should, you know, track those trackers or even have trackers, and antivirus is not even showing this data because they are failing in this area too. They have some trackers by themselves. So this is one thing. Another thing is that, you know, regarding Apple versus Google in terms of software.

Speaker 2: 50:17

So, when you spoke about hackers, I think so, if you know Cetabright, cetabright, they are providing for government agencies the ability to hack to your device.

Speaker 2: 50:34

So if they have a criminal's device, they can hack into the device and collect data. So there's a leaked document from Cellebrite of the brightest about maybe five, six months ago they divided the, the categories for android, iphones and uh, generally speaking, I think. I mean they don't have the solution for the latest iphone, but you just risk three days for that. From my experience, they are always have the ability to hack into the and also to most Androids, and they had a very nice section separated just for Graphene OS on Pixel devices and it's a separated section and it's clear that Graphene OS on a Pixel device is more secure than any iPhone or Android device. So that's very interesting for us. Of course, our understanding is that Graphene OS is not accessible for most of the users. They cannot just do a Pixel phone and flash the device. But there are ways in software, similar things that we are doing, to protect you and an end user.

Speaker 1: 51:57

So what's the OS that the unplugged device is running? You said that it was essentially Android 14 on the back end. What are you calling your branch of Android 14?

Speaker 2: 52:09

So it's LibertOS or Libertos, so it's a variant of Android. It's based on a very clean version of Android. We don't have any Google services. We strip everything off from the operating system and then build on top of the operating system. You know our security and privacy, so it's a standard base.

Speaker 1: 52:30

That's really fascinating. You know, I wish we had more time, but I always try to, you know, stick to the time limit that I give everyone, so you know before I let you go. How about you tell people where they can find you if they wanted to reach out and learn? You know, maybe connect with you right, and where they can find your unplugged device?

Speaker 2: 52:49

Yeah, so unplugged is available at wwwunpluggedcom. Just search for unplugged on any search engine. You can buy the phone today in USA, canada. The phone, by the way, is compatible to most networks around the world. We're just now selling it in USA and Canada only because of certification and logistics. We want to expand. Actually, we're starting our European certificate right now, so our next big market will be Europe and you can actually reach us also in the app messenger. So the app messenger is our secure messenger. You can download for any android or iphone device. Now we have some. We have a group there, like we call the early adopters group, and some of us, including me, are in this group. So you can reach us there. And we have live agent support. That you know from our apps and also from the phone. You can reach our support and, you know, ask questions. We have a lot of information on our website. We'll try to bring more and more information there. The more we ask, the more we put. But again, the FAQs section is quite big already, so you can find.

Speaker 1: 54:15

Yeah, perfect. You know, ron, like I really appreciate you know you coming on the podcast. This is a really fascinating conversation. I definitely want to have you back on in the future to kind of continue our conversation even and do a part two it was great. Yeah, yeah, it was fantastic. I really appreciate it. So you know, thanks for coming on, of course, and I hope everyone listening or watching enjoyed this episode. Bye, everyone, bye. Thank you very much, thanks.

People on this episode

Joe South

Host