October 21, 2024 • 54 mins
A cybersecurity journey like no other awaits as we welcome a guest with a formidable background, shaped by their experiences in the Israeli military's elite 8200th unit. This exceptional career path led them from the rigors of military service to the academic halls of the Technion—Israel's very own MIT. We uncover how their military training instilled a unique blend of independence and early responsibility, setting the stage for their significant contributions to the tech world. The conversation flows seamlessly from past to present, as personal anecdotes bring a tangible sense of nostalgia, highlighting the timeless aspects of technology amidst its relentless evolution.
Our discussion takes a thrilling entrepreneurial turn as our guest shares their pioneering efforts in the realm of secure communication. From mobile graphics to R&D management, they recount their journey toward founding a company dedicated to privacy-focused smartphone solutions. The narrative of "Unplugged" unfolds—a venture born out of the pressing demand for secure, private devices. With the rise in privacy awareness and improved supply chain accessibility, our guest reveals how these factors have democratized innovation, allowing even small companies to make a mark in the hardware space.
The intricacies of mobile security and data privacy are laid bare as we compare Android and iPhone architectures. Our guest captivates us with their firsthand experience in a cybersecurity course, where Apple's preemptive patching contrasted sharply with a swift Android exploit. This conversation extends to the broader issues of data privacy, exploring how major tech companies manage user data and the monetization behind it. As we ponder the future of privacy and security in the digital age, our guest's insights illuminate the path forward, underscoring the multifaceted challenges and opportunities that lie ahead.
Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
how's it going around ?
It's, uh, it's great to get youon the podcast.
You know, we kind of put thistogether I guess, for my
standards, right for schedulinga guest.
We put it together like lastminute, even though it was like
two months ago, yeah, at thispoint.
But like at this point in time,like with the podcast, it's
interesting, right, because Ialways want to get people on
(00:22):
like as quickly as possible.
But then I I look at my backlogand I'm like, well, shit, like
their, their episode wouldn'teven go live for six months.
So it's like, okay, we got topush this out.
You know a bit like make itmore reasonable and whatnot.
But yeah, it's a real, it's areal pleasure and honor to have
you on the podcast today.
Speaker 2 (00:39):
Thank you.
It's very nice to be here, niceto, to, to have the opportunity
, uh, to present me and thecompany and be in this podcast.
Speaker 1 (00:51):
Thank you, yeah, yeah , absolutely.
You know, for, for those, forthose not very familiar with the
podcast, right, and how we kindof structure it, you know, I, I
get guests pitched to me everysingle day, right, every single
day someone new is pitching me.
This time, right, I actuallypitched you to come on the show,
and when I do that, I don't doit very often, but when I do
(01:12):
that, you know, it's because youdo something really interesting
.
You've created something reallyinteresting that I believe in
personally, right.
So I start everyone off withkind of giving their background.
What made you want to get intocybersecurity?
What made you get into IT?
Was there a point in time whereyou know, when you're looking
back, you're like, oh, thatexperience with my dad or my
(01:33):
older brother, whatever it mightbe, with this computer kind of
opened my eyes to the world oftechnology.
You know, what would that befor you?
Speaker 2 (01:41):
So I think everything started, you know, in the
military service.
I served in the Israelimilitary, in the IDF.
I was in the 8200th unit, ifyou're familiar with it, which
is the technology intelligenceunit.
That's where everything startedfor me.
Then I went to the Technion tohave my degree, which is
(02:06):
equivalent to MIT, to do thecomparison, and so that's where
everything started for me.
Wow, yes.
Speaker 1 (02:18):
So was there any interesting projects or things
that you could, you know, kindof discuss a little bit like in
loose details, right?
That you did when you were, youknow, in the IDF group.
I've had a lot of you guys onand it's always interesting to
just hear the specialties andlike how broad the specialties
(02:42):
are right, Because Israel isknown for having top-tier
cybersecurity talent within themilitary component and whatnot.
It's always fascinating to me.
Speaker 2 (02:54):
Yeah, so first, we're talking about over 25 years ago
, so it's a long time ago.
But in the IDF regardless bythe way, which guns, by the way
which you are you are there tobe independent.
So you are starting to gettingmature much faster than I think
anywhere else, because you get alot of responsibilities again,
(03:18):
whether you're in the field withguns or whether in the back
office with the technology.
So I think that's a greatadvantage for Israeli, even
though it's a mandatory servicefor everyone.
But it also gives you lifeexperience very early.
So I think and it's welldiscussed in many places about
(03:43):
why Israel is a startup nation,so a big part of it is the idea.
So the idea.
I cannot really talk about whatI did there, but you can
understand that we're talkingabout cyber projects that get
your experience.
Again, we're talking aboutalmost 25 years ago.
(04:03):
It only changes all the time,but, uh, um, the same thing that
you know.
Give me a really, really bigpush, uh, in this field yeah,
it's fascinating.
Speaker 1 (04:19):
You know, man, I, I was, I was with a friend over
this weekend, right, and uh,they, they had their like seven
or eight year old there we werewatching a football game and you
know, we we brought up like, oh, that was 20 years ago, right,
and it kind of felt like, kindof felt like yesterday.
Honestly, like I, I remember Iremember that time frame like
(04:40):
very well, it was a lot of funfor me and you know, we were
talking about it.
You know it was like in 2005,right, we were talking about
like this thing that happened 20years ago and their kid was
like wait a minute, that's 20years ago.
And we're like, wait, what,what don't say that.
And then, two, you know thatthat's like crazy, that we're
(05:02):
like, you know, thinking aboutthis memory, right, that we
experienced 20 years ago andit's still so fresh in our minds
and whatnot.
Yeah, it's interesting how thatkind of could translate, you
know, potentially to liketechnology, right, because, like
the things 20 years ago, youtypically think that those are,
like, you know, dead pieces ofmalware, right, or dead pieces
(05:25):
of technology just overall, butsome of that stuff, some of that
stuff, surprisingly, is stillaround, right.
I mean, is that true?
Maybe I'm wrong.
Maybe they tweak it so muchthat it's no longer the same
thing.
What's your opinion on that?
Speaker 2 (05:43):
So that really depends.
You know what kind oftechnology I mean.
You see today that you knowtechnology evolved really fast
on one end or the other and somethings are still traditional.
So that really depends.
You know, talking about maybetraditional areas where
(06:04):
technology you know improves alittle bit slower, especially in
the military, medical stufflike that, more conservative
domains, I think they aregetting even faster today.
So everything gets really fast.
Speaker 1 (06:24):
Yeah, yeah, that's very true.
I mean, like today, you know,for instance, we have the Apple
event, right, and, like you know, I'm sure that new chip is
going to be 10 times, 15 timesfaster than the one I have in my
laptop right now, which waslike their first gen Apple
Silicon.
You know, yeah, it'sfascinating even to see.
(06:45):
You know, I'm on the technicalside of it, right, so it's
fascinating when I see, likethese software, you know,
manufacturers, or even hardwaremanufacturers, and they have,
you know, the capability tostill have that old piece of
software running on theirmachine, it like intrigues me a
little bit.
It's like, man, like how didthey think this through to have,
(07:06):
like these, you know, theseplugins by default and these
languages and what not, likepulled in libraries and whatnot.
It's, it's fascinating, right,but we don't have to go down
that rabbit hole, right, likewe'll, we'll talk about that
forever.
When you were, when you weregetting out of the IDF, you was
that like, did you have troublefinding your next thing?
(07:30):
And I ask that because, inAmerica, when I talk to these
guys from the NSA and from theCIA and whatnot, they can't talk
about what they did for likefive to seven years right.
So they have to like fabricatetheir experience, they have to
fabricate their history rightand hopefully find a job and if
they make it past like thatseven year mark, you know like
(07:53):
they're able to like kind ofopen the door into like oh yeah,
I was a spy, or oh yeah, Ihacked, you know, for the NSA
and things like that.
Is that the same kind of, Iguess, mentality in Israel, or
is it different?
Speaker 2 (08:08):
So back these days it was very clear for me that you
know, after I finished themilitary service, I go to the
tech union to get my degree.
I think that it's a little bitdifferent today, because it's
getting really hard to get tothose units today and if you're
(08:28):
good at what you are doing, youdon't need to have any degree.
You can just find a job andsince companies in Israel are
full of employees that went outfrom these units, you can
discuss a little bit about whatyou did and you can go directly
from the military service towork without even having a
(08:49):
rebound.
You know, 25 years ago this,I'm not having it again.
I think that for me, gave me amore mature academic background
for what I'm doing today.
And I think you know there's anincreasing demand for software
engineering all over the world,especially in Israel.
You can see, even I know, thatbig companies, even Google,
(09:15):
facebook, apple that have bigoffices in Israel, they have a
list of many open jobs for along time.
So it's not about softwareengineers today and this is why
you know employees, many of themare jumping directly from the
IDF.
They can't enforce to directemployment with those giant or
(09:38):
other sort of means.
So that's the difference.
It's getting a little bitdifferent than it used to be huh
, yeah, that is.
Speaker 1 (09:50):
I mean I'm sure that, like all of those big tech
companies, would you know,market their services, their
opportunities in Israel.
Just it being such a such aplethora, right of good
experience, right, high skillsets and, like you said, like
(10:12):
the 8200 group, it's becomingmore and more difficult to get
into it.
Right, like that is maybe themost elusive thing.
Right, like the same thing inthe States here.
Right, like with the NSAsa, thecia, like if you say that you
were a hacker for the nsa, Imean people will, will fire
their entire red team for you.
(10:33):
Like they'll, literally,they'll just give you whatever
you want.
It's like, oh yeah, I don'tlike working with this guy.
Okay, he's fired by the end ofthe day.
What else?
Speaker 2 (10:43):
Again, the industry in Israel is not only subsidiary
of Ford.
There's a big variety ofsoftware companies, especially
software companies, also othercompanies in Israel.
It's important, yet not thebiggest domain in Israel.
Speaker 1 (11:03):
So why do you think that that is right you kind of
touched on it a little bitbefore where, when you're in the
military or in that group, youget the opportunity to kind of
decide your own work rightmentality, where you're able to
(11:28):
identify a gap right that thatyou may have with the current
tool set or whatever that itmight be that you're using right
, and so then you start creatingsomething from scratch.
And it's that experience thatkind of builds upon itself,
because you have to view thingsfrom like a very much a reverse
engineering mindset, right.
I'll give you an example.
I have a good friend of minethat was a cyber warfare officer
for the Navy, right, he doesn'ttalk about it publicly or
(11:50):
anything like that.
But I asked him like, finallyit took me like weeks to get out
of him what he actually did,you know and he said, yeah, like
I created the proprietary simand edr solution for the navy.
And I said what do you mean bycreate?
(12:11):
Like there's crowd strike outthere, like why would you create
something that's already beencreated?
Right, like it doesn't makesense to me.
And he, he literally explainedit like yeah, they give you no
budget and they give you a taskcreate this thing, and if you
don't, you're going to be offthe team, like that's plain and
simple, right.
And so this guy you know we'reevaluating like a CSPM solution,
(12:33):
and he's, he's sitting here inthe background, he's like I
could create it for you knowthis amount of money and this,
and that, hey man, we're not inthe military anymore Like we're.
We're not in the militaryanymore Like we're.
We're.
We're buying a solution.
(12:53):
We're not creating, you know,some like brand new solution
that only you know about opensus up to a lot of risk.
Is it?
Is it that mentality of likereverse engineering that you
know, you think like paysdividends in other areas of
technology and whatnot?
Speaker 2 (12:59):
So let's say it's 200 units so, for example.
So if you try to compare it toa standard company, the way they
are working, so we havecommanders that you can compare
it to your boss, so it's verysimilar.
It's more civilian than otherunits in the military.
On some domains, you need to bevery creative.
(13:24):
On some domains, you need to bevery creative.
On the others, you havelong-term projects that you're
working on.
It can be a few years, withmany people working on them, and
you have a very clear scheduleof what you're going to do.
So it really depends on whatyou're doing.
Again, this is the biggestthing with the idea.
So that really depends on whatyou are expected to do.
(13:48):
You can be either creative orthe project.
Either way it's veryinteresting.
Speaker 1 (13:54):
Yeah, yeah, absolutely.
So when you got out of yourschool right, the MIT of Israel
and whatnot where'd you go fromthere?
Where'd you find yourself?
Speaker 2 (14:05):
So I worked for the Tech Union.
I was like one of theprofessors in computer and
graphics actually.
So I think I was one of thefirst professors in the world
that touched programmable GPUs,and we did it for research.
(14:25):
And then I started my first jobin this domain.
I worked here for two years.
I joined a startup right afterthe founders raised money.
My first job was an R&D managerof a very small startup that
did very sophisticated thingswith computer graphics on mobile
(14:49):
phones.
Back these days it was, I think,six, seven, something like that
no iPhones, no Android phones.
Iphone was not launched yet.
We worked on similar devices.
You mentioned it before.
(15:11):
Like an ancient history.
It was only, I mean, 16 yearsago, something like that.
30 years ago we didn't have anyiPhones or Android devices.
So I worked then and then, witha friend of mine, we had an
idea.
(15:31):
Smartphones sort of became athing, and if you remember
smartphones for example, symbian, if you remember by Nokia they
were very complicated for users.
I mean, if you want to set upyour email, if you were not tech
(15:53):
savvy you couldn't do it andsmart home started to become
more and more popular.
Again, that's only thebeginning of iPhones and Android
and we had an idea that thoseusers needed some help from the
support center.
So why wouldn't we give themsome help or the call center
help by remote controlling thosesmartphones?
So the customer is calling thecall center and the agent is
(16:21):
able to remote control hissmartphone and do the job for it
.
So we did that.
We founded our own company andraised money and went to some of
the call centers in the worldin Israel, in India.
We also had a pilot with AT&Tin USA and I was in this company
(16:44):
until three years ago.
But this company did some pivotduring that time.
So it started to offer somemanagement solutions for
enterprises like MDMs andeventually this company
completely pivoted.
What the company is doing anddid a secure operating system
(17:11):
for enterprises.
But the focus was about, Iwould say, connecting devices
and equipment that needs securecommunication.
I'll give you an example.
So let's say you have apacemaker and you get you know
in the operating room.
This pacemaker is coming with asmartphone today.
(17:33):
So the pacemaker is implantedand it is connecting via the
smartphone to the manufacturerfacilities.
So originally thosemanufacturers they used
off-the-shelf devices likeSamsung.
(17:54):
There are some that are stillusing.
The idea was to curate thedevices.
That is dedicated for thismission.
So we need to be secure, weneed to be managed in a way that
you know we have a fleet ofdevices, so we need to be secure
.
We need to be managed in a waythat you know we have a fleet of
devices and you need to have,like, a long-lived supply chain,
because you know consumerdevices, they're manufactured
and then after a year, you know,no one is manufacturing them In
(18:16):
the medical industry, thinkingabout pacemakers and insulin
injectors.
They're long-lived and they,you know, proceed to approve
them via the FDA.
So this is what this company isdoing.
It's actually still doing ittoday With AT&T, by the way, for
some of their end customers,but for me it was, you know,
(18:40):
after so many years there.
And then we had the idea, youknow, we want to make a real
private, secure phone for theend users, not for enterprises
or governments, which is what wedid in my previous company, and
I think the focus is not onlyprivacy and security but also
(19:02):
making everything convenient,because what we discovered, you
know, in my old company, is thatwhen you know, you know users
were interested in a product,but you need to be very have
very technical understanding ofhow to operate a device that
(19:22):
doesn't have the convenience ofa normal smartphone.
And then we decided to foundUnplugged.
So Unplugged was like a certainevolution of what I did before.
I gained all my experience withboth hardware and software from
my old company and, besidesthat, I know there were a few
(19:45):
attempts to do such a smartphoneexperience with both hardware
and software from my old company, and we decided to do.
You know, I know there were afew attempts to do such a
smartphone and we tried toanalyze, you know what, why
those companies didn't make it.
I mean, there's clearly ademand for some products, but
they were not very successful.
So when we tried to analyze andunderstand you know, do we need
to found this company?
(20:06):
We understand that severalthings were changed in the last
few years.
The first thing is that privacymatters for many users much
more than before, because theyare realizing how their data is
collected, shared, monetized,and there's a lot of awareness
(20:27):
for such products.
Another thing is that, unlikefive, six, seven or ten years
ago, for a small company it wasnearly impossible to create a
good hardware because the supplychain was very different.
(20:48):
All the big manufacturerscontrolled the hardware.
They had access to the high-endhardware which small companies
cannot even finance.
But today small companies canbuild their own smartphone from
scratch.
I mean, you still need somefunds to do it, but it is
(21:08):
possible.
And if you notice today youknow if you have your latest
iPhone or Samsung device, youwant to convert to the new
version of the hardware.
There's not much of adifference between every year.
Speaker 1 (21:24):
Yeah.
Speaker 2 (21:25):
I mean like almost nothing, yeah, version of Diablo
.
Speaker 1 (21:27):
There's not much of a difference between every year.
Speaker 2 (21:28):
Yeah, I mean like almost nothing.
Yeah, it's more on paper thansimply you can notice.
I mean the software is almosteverything.
So, yes, you can maybe get aslightly better camera or a
faster CPU that no one willnotice, except if you're a hard
gamer or trying to do somethingthat you don't need to do on
your smartphone from a CPUperspective.
So that gives the opportunityto do it.
(21:50):
But the third reason I thinkthat all previous attempts were
failing is because the userexperience was not good.
And basically, creating aprivacy phone means that you
must not have Google on yourdevice.
It's a difficult device andthat is very inconvenient.
(22:11):
Yes, so even for those usersthat want to understand the
importance of privacy, havingsuch a phone is very
inconvenient and if you see thepure extent, it's not a usable
device.
So we realized that our missionis to create not only a privacy
(22:32):
in a private and secure phone,it's to create a convenient
somewhere that no other user canuse.
During this path we alsorealized you know it was obvious
for us that the USA market isthe biggest market for such
devices.
We're going to launch it oninternational territories later.
(22:54):
We realized that you know weneed to do something really good
here.
So in USA what you see is thatyou know most users are most
customer consumers are buyingtheir phones from carriers and
even that transition from buyinga device from carrier to the
open market is a challenge inUSA.
(23:16):
You know everyone in the worldnot everyone else, but most
places in the world take Europe,for example you can see a big
part of the market is buyingfrom the open market.
I mean not from the carry.
We just realized that you knowmany consumers don't even know
what a SIM card is.
So realizing that that's a bigchallenge for us and this is
(23:40):
what we're trying to achievecreating a convenient phone,
secured phone, private phone andfocusing on the support and
doing the transition.
Speaker 1 (23:56):
So let's talk about that a little bit.
Right, let's dive into this.
You know, when I was getting mymaster's in cybersecurity and
one of the courses was mobilesecurity, right, and we were
really comparing, I was gettingmy master's in cybersecurity and
one of the courses was mobilesecurity, right, and we were
really comparing thearchitecture of Android to
iPhones and this was back in2018, you know.
So I'm sure it has changed someat this point.
(24:16):
Probably, honestly, it'sprobably more on the Android
side than the iPhone side, right, because iPhone focused more
specifically on, like, supplychain security to some extent,
right, having their own chips init and whatnot.
But a part of this course wasto actually, you know, find a
vulnerability.
It could be already known,could be whatever.
(24:37):
It is right, find avulnerability, exploit it on the
device of your choosing, and soI wanted to make this a little
bit difficult, right, I want tomake it a little bit challenging
and I wanted to find avulnerability, you know, with
Bluetooth on an iPhone.
Right, found the vulnerability,tried to exploit it.
I spent 36 hours trying toexploit it, something that was
(24:57):
never going to work because,basically, apple did a silent
security update, literally twoweeks before I started trying
this thing, and it was literallyfor this Bluetooth exploit.
I go and I attempted on Android.
Within you know, maybe 15, 20minutes, I have root on the
device and I'm able to controleverything about the device,
(25:18):
right, like that was.
That was a huge difference tome.
That was a huge eye opening.
You know, kind of event, right,maybe, and I'm a terrible
hacker, I mean, like, I don'teven claim to be a hacker, like
you know, if anyone were toapproach me at, like, def CON or
something like that, right,like I am not doing capture the
flag events or anything likethat, like you know, I'll go
(25:41):
watch, right, but I, I'm not,I'm not over here trying to hack
stuff.
But that that experience,though, even knowing, you know,
having that self-awareness, likehey, I'm not good at this, this
isn't like my forte in securityfor it to be that easy with
android it kind of swayed memore heavily even towards iphone
(26:01):
.
And the reason why I went fromAndroid to iPhone, you know,
probably 10 years before that,right, what was?
Because of the ease of use,right, I had a very bad
experience with Android.
I was downloading things fromthe Google Play Store that had
malware on it.
It had millions of downloads,right, like the Facebook app.
You know, the Facebook app hadmillions of downloads, or
(26:22):
whatever it was when I had anAndroid.
I'm downloading the Facebookapp.
You know, the Facebook app hadmillions of downloads, or
whatever it was, when I had anAndroid.
I'm downloading the Facebook appand it has malware in it, right
, and this malware is likeimpacting my device pretty
significantly, like theperformance is insanely
decreased.
You know everything about it,right, and so I, with that
experience and I even talked tolike Android support at the time
(26:45):
and said how the hell is thishappening?
This has happened three timesto me.
I'm literally going to your ownPlay Store and downloading it
this is even before me gettinginto cybersecurity and they're
saying well, you're downloadingit.
It has malware in it, yeah, andthere's no way to tell, and I'm
sitting here, like Google, it'syour Play Store.
You don't have a way of tellingif it has malware in it.
Speaker 2 (27:10):
So you touched so many interesting points.
I try to remember what you weretalking about, but let's start
with that.
So you're talking about maybe10 years ago, right?
So back these days, apple wasvery close.
You could not do much on theiPhone as a developer.
On the other hand, google hadeverything open.
(27:33):
I mean like almost everything,and that not only means from a
developer perspective what youcan do on the phone, all the
APIs, but also in terms of theGoogle Play Store.
You can upload an applicationto your store.
No one will even verify that.
No one will look at it on theapp.
(27:53):
They're not even automaticscanning of the apps.
Permission usage was if youcould use it, then you could
upload it to the store.
Both Google and Apple did somechanges.
So Apple became a little bitmore open.
They gave the developers moreoptions.
(28:14):
On one hand, google startedbecoming more secure in their
place let's talk about Androiditself in a second.
But today it's harder to uploadan application to Google.
There is some verificationprocess for you as a developer
for your app.
They restricted a lot of thingsthat you can do with your
(28:36):
applications.
Permissions were downgraded.
I mean you cannot do anythingthat you want to do as you used
to be and the whole operatingsystem is becoming more secure,
but again, we'll talk about itlater.
So things are changing all thetime and in the case of Google,
(28:59):
they also have the problem ofthe large device variety.
So you have so many devices outthere, so many versions of the
operating system, and they hadto do some work in order to make
sure that those that are outthere can maintain all the
(29:20):
security updates.
And they did a good job thereto be better and give the
manufacturers better support inupgrading the operating system,
making the upgrade easier forthem.
We see it's not by ourselves.
So we launched our operatingsystem based on Android 13.
(29:42):
We are updating to Android 14this year.
The process is not very hardfor us, even though we did many
changes in the operating systembased on Android system for more
security and for our needs, andit looks much better Now, if
(30:03):
we're talking about the Androidoperating system, android used
to be very light back these days.
You know we are devicemanufacturers, so we are in
charge of the operating system.
I see the Android source.
Actually, anyone can see theAOSP tree.
We see the old BSP tree,including the drivers and
(30:26):
everything and that is becominga huge piece of code, and most
of the changes are related tosecurity, and more and more
layers are added to prevent, tomake the operating system more
secure, what is exposed to otherapps, for example, something
(30:50):
that used to be very open, evena few years ago, now much more
close Stuff like that.
That permission mechanism wasevolved.
What person is giving tobuilt-in applications on the
phone?
So Android has become like ahuge monster and many code
(31:15):
changes are made in the Androidoperating system to support this
agenda.
Having said that, the more codeyou add, the more
vulnerabilities that you canpotentially enter the operating
system.
That actually brings adifferent topic, because we
discussed about iOS versusAndroid.
So iOS is a closed source andAndroid is not, and many
vulnerabilities are discoveredbecause it's an open source on
(31:36):
one hand.
On the other hand, apple closedsource policy prevents someone
from you know, take a look inthe source code and find
vulnerabilities.
So I assume that potentiallymore vulnerabilities exist on
Apple, even though probably theyare much harder to be found.
Speaker 1 (31:55):
That's interesting.
Yeah, that is fascinating.
You know, the last time Ilooked at like the device
architecture of iPhone versusAndroid, right, just kind of an
overarching architecture, youknow, it seemed like the iPhone
kind of protects the user fromthe user, right, like they have
(32:17):
sandboxes for their apps, theyhave sandbox for their user
space, they have it separatedfrom the operating system, even,
right, and there's veryspecific like keys that you have
to use to unlock each of thosecomponents and whatnot.
And you know, even, like if youwere going to, you know, take
it, take your iPhone right to anApple dev and say, you know,
(32:40):
open a terminal and troubleshootthis thing, like they would
have to have a very specific keywith a very specific you know
cable that's plugged into it,probably within the geofence of
you know Apple campus andwhatnot, right, all of those
things have to line up for themto be able to do that, which I
mean, at least from my opinion,right, like I haven't seen it
(33:01):
from your side, wherepotentially you're actually
actively thinking of new ways toexploit devices.
Right, because I mean, that'sprobably how you, you know,
built unplugged to some extent,right, like it's like, well,
what's what's available rightnow to exploit devices and
what's coming in the future toexploit devices.
I don't know it from that angle, but at least from my angle, it
(33:21):
seems like, okay, iphone getsme, you know, 85, 90% of the way
there in terms of security.
So I'm going to go with thatright.
And then I heard about theunplugged device, which was very
tempting to me.
Right, because I don't know ifyou've listened to the podcast
very much, but right beforeRussia invaded Ukraine, right On
(33:44):
the podcast I was calling outRussia, right when everyone else
was saying, oh, it's a warexercise or whatever it is.
You know, it's like, hey, theyhave tanks on the border for a
reason, like they're not justamassing to amass and they're
not doing this war exercisedirectly on the border for no
reason.
You know, I was activelycalling them out and I do the
(34:06):
same thing with China andwhatnot.
And it was interesting,literally the day that Russia
invaded Ukraine, my podcast gotblackholed or blacklisted in all
of Russia, china, Iran,basically all enemies of America
and Israel, they all justblacklisted my podcast
immediately.
Oh, it wasn't a substantialportion of my traffic, but it
(34:27):
was enough for me to be like Iused to get 15% from Russia and
now I get nothing, you know.
So it's like okay, you know soit's like okay, you know, that's
.
That's a substantial difference.
And very, I guess, veryinterestingly, right at the same
time I started getting very,very odd attacks, you know, on
(34:47):
my, on my PCs, on basically anyPC that was at home, which was
very interesting to me because Ihost a podcast.
Right, like, what the hell am Igoing to do?
How am I even, like seen aslike a threat to the state of
Russia or China or anything likethat, like you're literally
wasting resources, even if it'san automated script that you're
running, you're wastingresources trying to like get at
(35:11):
me, right.
And so that's when I started tokind of go down this whole
rabbit hole of how do I securemy devices?
Right, like, how do I?
I need to have a secure devicethat I can, that I can use if I
need to, that I can ensure isforever secured and in my
benefit.
And so that's how I kind ofstumbled on the unplugged device
.
So I say all of that right tokind of pivot, almost right, and
(35:35):
build a little bit of contextaround device.
So I say all of that right tokind of pivot, almost right, and
build a little bit of contextaround it.
So, the devices that we'recurrently using iPhones and
Androids do you think that theirprice would be even more
significant than they are todayif they were not selling our
data?
Yeah, which is yeah.
You think it would be?
How much more expensive do youthink it would be?
(35:56):
Like, what's the difference?
Speaker 2 (35:58):
So I think we did some math and I think the rough
number that Google's making onlet's say, I don't know the
Apple's number exactly, but Iguess they're similar, maybe
even more so we approximate Ithink you find some, some proof
or evidence for it that theymake about 150 to 200 every year
(36:23):
from you just for holding asmartphone that you know
manufactured by apple or googleso they're making 150 just from
me having the phone.
Speaker 1 (36:34):
Yeah Right, that's kind of like the default, that's
like the default usage of thephone, without really even like
clicking on different ads andstuff.
So this is not oh so are theybuilding enough, yeah, okay.
So are they building in a feewhen I Google a product, right,
like well, let's say, like overthe weekend I bought like a
(36:56):
torque wrench for my car, right,when I Google torque wrenches,
is Google getting a fee fromApple or Apple's getting a fee
from Google?
And then when I go to Amazonfrom that link in Google is like
Apple getting another fee fromAmazon Because I went to their
link on their phone.
Is that how convoluted it is.
Speaker 2 (37:19):
First, I think Google is paying Apple for being a
default search in their device.
It's one thing, but you shouldthink about private data, not
only about your searches,because the search can be done
on a private phone, but let'sthink you know your location
date.
So location even not talkingabout your specific location, I
(37:41):
mean your location as acollective data of locations
that can be sold to data brokersfor different purposes, so they
can make money from it or useit for their own product, to
build new products.
So this is one thing.
Let's see one of the challengesthat we have.
For example, we are the Googleshow, so we don't have the
(38:04):
luxury of using Google networklocation services, which is a
location service that is builtfrom user data, from their Wi-Fi
hotspots locations, for example.
Think about anything thatyou're doing on the phone that
is not related directly to whatyou're using, that everything
(38:27):
can be used for Google or Appleproducts and that can leverage
other skills.
So, um, I mean the number ofopportunities just being on your
phone as a infrastructuresoftware is, you know, infinite.
That's it so okay.
Speaker 1 (38:50):
So that is really fascinating and I think I have
like two major questions from itright, hopefully I don't forget
one of them From theperspective of Google getting
device location right.
So when I upgraded my iPhone, Iupgraded a couple of years ago
iPhone 14, I typically likeupgrade every four to six years,
(39:12):
you know, because kind of likewhat you said right, like
there's not like a giantperformance difference.
I'm not going to notice it, I'mnot going to feel it.
It's kind of timed with whenthey stopped supporting the
phone.
It's like, okay, I guess I haveto upgrade Right, cause I'm not
that big of an idiot.
You know to where I'm going tohave like a super old phone and
can't patch it.
But when you upgraded to therecent probably you know ios
(39:36):
right, it gave you the abilityto it.
It at least gives you the feelthat you're limiting.
How much these apps can you know, gather on you right, google
being a great example?
I mean, I'm sure someone atgoogle is going to be pissed off
at me if they hear this right,right, but you know like when I
got, I just remember, right inthe search app, it like asked
(39:59):
for my location information.
Denied, it went into the Nestapp Nest owned by Google and
sorry about that.
Nest requested my, my locationinformation.
Right, so I said yes to thatbecause because obviously I want
to run a more efficient home,you know I don't want a giant
electricity bill.
Nest does that thing.
You know that deals directlywith that.
(40:21):
I wonder if they're thenleveraging that permission of
saying he allowed us for Nest sowe're going to do the same
thing for, you know, googlesearch locations and whatnot,
which would actually kind ofmake sense for what I
experienced recently when I wentto a.
So I live in a blue state herein America and I mean, like
(40:42):
typically that's not evensomething that you like have to
say or like mention or anything,but it's so divisive or
divisive, you know, like now inthe world it's like you have to
build that context in.
So I live in a blue state andwhen I went to a red state, I
was bombarded with like leftmaterial, right, left, centered,
(41:05):
left, focused material.
I'm completely bombarded withit to the point where, like I
thought something was wrong withmy phone, right, I thought
something was wrong with mydevices because it was so off
the wall from what I'd normallysearch.
It makes me like recalibrate,like well, how are they actually
getting that info right?
(41:25):
Like, are they just getting itfrom GPS information?
Because, like that's such aloaded topic, it's such a loaded
you know loaded thing to diveinto In your opinion, in your
own research, because you'rebasically the expert in the
field.
Is that what they're doing?
Are they kind of leveragingthat access in one area to be
(41:46):
like, well, it's a Googlecompany, we're going to do it
over here too.
Speaker 2 (41:51):
First, specifically for the Nest, I'm not sure I
need to read their.
You know terms and conditions,but you know, think about, let's
say, you don't want to shareyour information, your location
data, your inaccurate location,can still be accessed through
several methods.
For example, you know, if youknow the Wi-Fi MAC address that
(42:15):
you're connecting to, they canget to your almost exact
location, I mean as an appdeveloper, for example.
So that may be or may not beblocked in a specific app, but
certain apps can access it.
But I think I have a goodexample and about maybe that you
know, I think I have a goodexample about maybe that will
(42:37):
give you some evidence aboutwhat those companies are trying
to do and how apps developers or, let's say, those data brokers,
are bypassing.
So I want to talk about theAdvertising ID.
You know it was a few years ago.
Everyone had it.
It was Apple, google.
(43:01):
Apple blocked it.
You know, blocked the data fromFacebook.
Google even, you know, decidedthat.
You know it would not bemandatory.
You can even disable it.
That should be enough to cut orto stop the efficiency of the
add-in industry.
(43:21):
So, add-in industry are youfamiliar with the add-in
industry?
Maybe I'll explain.
So the add-in industry is acybersecurity hacking domain
that allows a very effective,cost-effective, actually
targeting, profiling and gettinginformation about people.
(43:44):
So the idea is that, let's say,I want to know your location.
All I need to do is to do someadvertisement campaign that
targets your profile.
I know your age or, I would say, approximate location I mean
which city you are, what is yourinterest and then I send some
(44:06):
advertisement data to containyour location and then I use
this information that I gatheredfrom this campaign to know your
specific location, for example.
Let's say, for example, I getlike 1,000 hits that you know
this campaign was.
You know 1,000 people that thiscampaign hits in your city.
(44:32):
I know where you're living.
I know where you're working.
I see only one person withthose two locations.
I know where you're living.
I know where you're working.
I see only one person withthose two locations.
I know it was you.
They can trace back all yourlocations.
So, given that you don't havethis head ID, this industry
should now be blocked.
But that's not the case becauseI can still profile you from
(44:56):
other data on your device.
So if I know, you're not evenneed to know.
I need to get your device model, some other characteristics of
your phone, a few that those adscan get, like mobile carrier
and some other parameters.
I can narrow down thoseparameters like 9, 10, 11
(45:19):
parameters and gather all ofthem together to give an ID,
like a fake ID, to your device.
So, even though Google andApple are trying to blow up and
give more secure products in,essentially you know there is
(45:42):
some okay, because you knoweventually it will not allow all
the apps to the way they should.
So the into the apps haveaccess to the system, to the
data on your phone.
You're onto the applicationtool.
So, yes, they're doing a lot inthis area, but that is not
enough, especially for thoseattackers that you know will
(46:06):
find any way again, even withouthacking your phone, to get
information about.
Speaker 1 (46:12):
That's really.
It's interesting.
You know, I feel like peoplealways had the mentality it's
maybe a legacy mentality, rightwhen they have to, like, hack
your actual device in order to,you know, gain information or
track you or whatnot.
It seems like they don't evenhave to hack your device anymore
.
They just have to pay a databroker to get whatever they want
(46:36):
.
Right, I mean like, and with Imean I I guess with, from what
you were saying.
With iphones, with androids, youknow, it's basically impossible
to to block that stuff.
Right, because it's almost likeapple gives you the illusion of
privacy and I I mean pleasecorrect me if I'm wrong Right,
(46:58):
but it seems like they do a bitof a better job than Google
overall, right, if we're not, ifwe're not thinking of this, you
know, data broker side of it,right, it seems like they do a
good job overall of protectingtheir users from themselves,
protecting their devices.
You know, ensuring privacy, tosome extent, it seems like they
do a good job of it, but youknow, it's like it's difficult
(47:22):
because it turns into asituation where one you know,
I'm I'm a security person, I'mmore aware of it than you know
98, 99% of the population.
How in the world is you knowsomeone of the population?
How in the world is you knowsomeone like my parents, you
know, in their, in their 50s,60s, right, they're never going
to know the difference, they'renever going to think about that
(47:44):
or anything like that, and soyou need a device that's doing
it, you know, automatically.
Because if, like you said, ifapple were to actually make that
change on their device, like 95, 99 of the apps on their device
wouldn't even work, apple wouldhave to go into the business of
recreating all these apps youknow themselves to make it work
on their device yeah, actuallyit's.
Speaker 2 (48:07):
it's opposed to their business model.
It's just opposed to thebusiness model and you, you know
, we created in the app phone.
One of the biggest things thatwe put on the phone is a
firewall that blocks trackersand ads, not only in the web
browser, also in the apps.
So, you know, trackers most ofthe apps have trackers.
(48:33):
Some of them are, you know,legit, like from the developers
to collect some data about theusage of the app.
Some are for just selling thedata and, by the way, our new
antivirus version that we'regoing to release later this
month will show this informationfor use.
(48:54):
You can install it also onregular inverse phones.
This information, by the way, ispublic.
I mean, most of the users donot know how to access it.
They do not know that theyshould, you know, track those
trackers or even have trackers,and antivirus is not even
showing this data because theyare failing in this area too.
They have some trackers bythemselves.
(49:15):
So this is one thing.
Another thing is that, you know, regarding Apple versus Google
in terms of software.
So, when you spoke about hackers, I think so, if you know
Cetabright, cetabright, they areproviding for government
(49:37):
agencies the ability to hack toyour device.
So if they have a criminal'sdevice, they can hack into the
device and collect data.
So there's a leaked documentfrom Cellebrite of the brightest
about maybe five, six monthsago they divided the, the
categories for android, iphonesand uh, generally speaking, I
(50:01):
think.
I mean they don't have thesolution for the latest iphone,
but you just risk three days forthat.
From my experience, they arealways have the ability to hack
into the and also to mostAndroids, and they had a very
(50:21):
nice section separated just forGraphene OS on Pixel devices and
it's a separated section andit's clear that Graphene OS on a
Pixel device is more securethan any iPhone or Android
device.
So that's very interesting forus.
(50:45):
Of course, our understanding isthat Graphene OS is not
accessible for most of the users.
They cannot just do a Pixelphone and flash the device.
But there are ways in software,similar things that we are
doing, to protect you and an enduser.
Speaker 1 (51:04):
So what's the OS that the unplugged device is running
?
You said that it wasessentially Android 14 on the
back end.
What are you calling yourbranch of Android 14?
Speaker 2 (51:16):
So it's LibertOS or Libertos, so it's a variant of
Android.
It's based on a very cleanversion of Android.
We don't have any Googleservices.
We strip everything off fromthe operating system and then
build on top of the operatingsystem.
You know our security andprivacy, so it's a standard base
(51:37):
.
Speaker 1 (51:37):
That's really fascinating.
You know, I wish we had moretime, but I always try to, you
know, stick to the time limitthat I give everyone, so you
know before I let you go.
How about you tell people wherethey can find you if they
wanted to reach out and learn?
You know, maybe connect withyou right, and where they can
find your unplugged device?
Speaker 2 (51:56):
Yeah, so unplugged is available at wwwunpluggedcom.
Just search for unplugged onany search engine.
You can buy the phone today inUSA, canada.
The phone, by the way, iscompatible to most networks
around the world.
(52:16):
We're just now selling it inUSA and Canada only because of
certification and logistics.
We want to expand.
Actually, we're starting ourEuropean certificate right now,
so our next big market will beEurope and you can actually
reach us also in the appmessenger.
So the app messenger is oursecure messenger.
(52:38):
You can download for anyandroid or iphone device.
Now we have some.
We have a group there, like wecall the early adopters group,
and some of us, including me,are in this group.
So you can reach us there.
And we have live agent support.
That you know from our apps andalso from the phone.
(53:01):
You can reach our support and,you know, ask questions.
We have a lot of information onour website.
We'll try to bring more andmore information there.
The more we ask, the more weput.
But again, the FAQs section isquite big already, so you can
find.
Speaker 1 (53:22):
Yeah, perfect.
You know, ron, like I reallyappreciate you know you coming
on the podcast.
This is a really fascinatingconversation.
I definitely want to have youback on in the future to kind of
continue our conversation evenand do a part two it was great.
Yeah, yeah, it was fantastic.
I really appreciate it.
So you know, thanks for comingon, of course, and I hope
(53:43):
everyone listening or watchingenjoyed this episode.
Bye, everyone, bye.
Thank you very much, thanks.
how's it going around ?
It's, uh, it's great to get youon the podcast.
You know, we kind of put thistogether I guess, for my
standards, right for schedulinga guest.
We put it together like lastminute, even though it was like
two months ago, yeah, at thispoint.
But like at this point in time,like with the podcast, it's
interesting, right, because Ialways want to get people on
(00:22):
like as quickly as possible.
But then I I look at my backlogand I'm like, well, shit, like
their, their episode wouldn'teven go live for six months.
So it's like, okay, we got topush this out.
You know a bit like make itmore reasonable and whatnot.
But yeah, it's a real, it's areal pleasure and honor to have
you on the podcast today.
Speaker 2 (00:39):
Thank you.
It's very nice to be here, niceto, to, to have the opportunity
, uh, to present me and thecompany and be in this podcast.
Speaker 1 (00:51):
Thank you, yeah, yeah , absolutely.
You know, for, for those, forthose not very familiar with the
podcast, right, and how we kindof structure it, you know, I, I
get guests pitched to me everysingle day, right, every single
day someone new is pitching me.
This time, right, I actuallypitched you to come on the show,
and when I do that, I don't doit very often, but when I do
(01:12):
that, you know, it's because youdo something really interesting
.
You've created something reallyinteresting that I believe in
personally, right.
So I start everyone off withkind of giving their background.
What made you want to get intocybersecurity?
What made you get into IT?
Was there a point in time whereyou know, when you're looking
back, you're like, oh, thatexperience with my dad or my
(01:33):
older brother, whatever it mightbe, with this computer kind of
opened my eyes to the world oftechnology.
You know, what would that befor you?
Speaker 2 (01:41):
So I think everything started, you know, in the
military service.
I served in the Israelimilitary, in the IDF.
I was in the 8200th unit, ifyou're familiar with it, which
is the technology intelligenceunit.
That's where everything startedfor me.
Then I went to the Technion tohave my degree, which is
(02:06):
equivalent to MIT, to do thecomparison, and so that's where
everything started for me.
Wow, yes.
Speaker 1 (02:18):
So was there any interesting projects or things
that you could, you know, kindof discuss a little bit like in
loose details, right?
That you did when you were, youknow, in the IDF group.
I've had a lot of you guys onand it's always interesting to
just hear the specialties andlike how broad the specialties
(02:42):
are right, Because Israel isknown for having top-tier
cybersecurity talent within themilitary component and whatnot.
It's always fascinating to me.
Speaker 2 (02:54):
Yeah, so first, we're talking about over 25 years ago
, so it's a long time ago.
But in the IDF regardless bythe way, which guns, by the way
which you are you are there tobe independent.
So you are starting to gettingmature much faster than I think
anywhere else, because you get alot of responsibilities again,
(03:18):
whether you're in the field withguns or whether in the back
office with the technology.
So I think that's a greatadvantage for Israeli, even
though it's a mandatory servicefor everyone.
But it also gives you lifeexperience very early.
So I think and it's welldiscussed in many places about
(03:43):
why Israel is a startup nation,so a big part of it is the idea.
So the idea.
I cannot really talk about whatI did there, but you can
understand that we're talkingabout cyber projects that get
your experience.
Again, we're talking aboutalmost 25 years ago.
(04:03):
It only changes all the time,but, uh, um, the same thing that
you know.
Give me a really, really bigpush, uh, in this field yeah,
it's fascinating.
Speaker 1 (04:19):
You know, man, I, I was, I was with a friend over
this weekend, right, and uh,they, they had their like seven
or eight year old there we werewatching a football game and you
know, we we brought up like, oh, that was 20 years ago, right,
and it kind of felt like, kindof felt like yesterday.
Honestly, like I, I remember Iremember that time frame like
(04:40):
very well, it was a lot of funfor me and you know, we were
talking about it.
You know it was like in 2005,right, we were talking about
like this thing that happened 20years ago and their kid was
like wait a minute, that's 20years ago.
And we're like, wait, what,what don't say that.
And then, two, you know thatthat's like crazy, that we're
(05:02):
like, you know, thinking aboutthis memory, right, that we
experienced 20 years ago andit's still so fresh in our minds
and whatnot.
Yeah, it's interesting how thatkind of could translate, you
know, potentially to liketechnology, right, because, like
the things 20 years ago, youtypically think that those are,
like, you know, dead pieces ofmalware, right, or dead pieces
(05:25):
of technology just overall, butsome of that stuff, some of that
stuff, surprisingly, is stillaround, right.
I mean, is that true?
Maybe I'm wrong.
Maybe they tweak it so muchthat it's no longer the same
thing.
What's your opinion on that?
Speaker 2 (05:43):
So that really depends.
You know what kind oftechnology I mean.
You see today that you knowtechnology evolved really fast
on one end or the other and somethings are still traditional.
So that really depends.
You know, talking about maybetraditional areas where
(06:04):
technology you know improves alittle bit slower, especially in
the military, medical stufflike that, more conservative
domains, I think they aregetting even faster today.
So everything gets really fast.
Speaker 1 (06:24):
Yeah, yeah, that's very true.
I mean, like today, you know,for instance, we have the Apple
event, right, and, like you know, I'm sure that new chip is
going to be 10 times, 15 timesfaster than the one I have in my
laptop right now, which waslike their first gen Apple
Silicon.
You know, yeah, it'sfascinating even to see.
(06:45):
You know, I'm on the technicalside of it, right, so it's
fascinating when I see, likethese software, you know,
manufacturers, or even hardwaremanufacturers, and they have,
you know, the capability tostill have that old piece of
software running on theirmachine, it like intrigues me a
little bit.
It's like, man, like how didthey think this through to have,
(07:06):
like these, you know, theseplugins by default and these
languages and what not, likepulled in libraries and whatnot.
It's, it's fascinating, right,but we don't have to go down
that rabbit hole, right, likewe'll, we'll talk about that
forever.
When you were, when you weregetting out of the IDF, you was
that like, did you have troublefinding your next thing?
(07:30):
And I ask that because, inAmerica, when I talk to these
guys from the NSA and from theCIA and whatnot, they can't talk
about what they did for likefive to seven years right.
So they have to like fabricatetheir experience, they have to
fabricate their history rightand hopefully find a job and if
they make it past like thatseven year mark, you know like
(07:53):
they're able to like kind ofopen the door into like oh yeah,
I was a spy, or oh yeah, Ihacked, you know, for the NSA
and things like that.
Is that the same kind of, Iguess, mentality in Israel, or
is it different?
Speaker 2 (08:08):
So back these days it was very clear for me that you
know, after I finished themilitary service, I go to the
tech union to get my degree.
I think that it's a little bitdifferent today, because it's
getting really hard to get tothose units today and if you're
(08:28):
good at what you are doing, youdon't need to have any degree.
You can just find a job andsince companies in Israel are
full of employees that went outfrom these units, you can
discuss a little bit about whatyou did and you can go directly
from the military service towork without even having a
(08:49):
rebound.
You know, 25 years ago this,I'm not having it again.
I think that for me, gave me amore mature academic background
for what I'm doing today.
And I think you know there's anincreasing demand for software
engineering all over the world,especially in Israel.
You can see, even I know, thatbig companies, even Google,
(09:15):
facebook, apple that have bigoffices in Israel, they have a
list of many open jobs for along time.
So it's not about softwareengineers today and this is why
you know employees, many of themare jumping directly from the
IDF.
They can't enforce to directemployment with those giant or
(09:38):
other sort of means.
So that's the difference.
It's getting a little bitdifferent than it used to be huh
, yeah, that is.
Speaker 1 (09:50):
I mean I'm sure that, like all of those big tech
companies, would you know,market their services, their
opportunities in Israel.
Just it being such a such aplethora, right of good
experience, right, high skillsets and, like you said, like
(10:12):
the 8200 group, it's becomingmore and more difficult to get
into it.
Right, like that is maybe themost elusive thing.
Right, like the same thing inthe States here.
Right, like with the NSAsa, thecia, like if you say that you
were a hacker for the nsa, Imean people will, will fire
their entire red team for you.
(10:33):
Like they'll, literally,they'll just give you whatever
you want.
It's like, oh yeah, I don'tlike working with this guy.
Okay, he's fired by the end ofthe day.
What else?
Speaker 2 (10:43):
Again, the industry in Israel is not only subsidiary
of Ford.
There's a big variety ofsoftware companies, especially
software companies, also othercompanies in Israel.
It's important, yet not thebiggest domain in Israel.
Speaker 1 (11:03):
So why do you think that that is right you kind of
touched on it a little bitbefore where, when you're in the
military or in that group, youget the opportunity to kind of
decide your own work rightmentality, where you're able to
(11:28):
identify a gap right that thatyou may have with the current
tool set or whatever that itmight be that you're using right
, and so then you start creatingsomething from scratch.
And it's that experience thatkind of builds upon itself,
because you have to view thingsfrom like a very much a reverse
engineering mindset, right.
I'll give you an example.
I have a good friend of minethat was a cyber warfare officer
for the Navy, right, he doesn'ttalk about it publicly or
(11:50):
anything like that.
But I asked him like, finallyit took me like weeks to get out
of him what he actually did,you know and he said, yeah, like
I created the proprietary simand edr solution for the navy.
And I said what do you mean bycreate?
(12:11):
Like there's crowd strike outthere, like why would you create
something that's already beencreated?
Right, like it doesn't makesense to me.
And he, he literally explainedit like yeah, they give you no
budget and they give you a taskcreate this thing, and if you
don't, you're going to be offthe team, like that's plain and
simple, right.
And so this guy you know we'reevaluating like a CSPM solution,
(12:33):
and he's, he's sitting here inthe background, he's like I
could create it for you knowthis amount of money and this,
and that, hey man, we're not inthe military anymore Like we're.
We're not in the militaryanymore Like we're.
We're.
We're buying a solution.
(12:53):
We're not creating, you know,some like brand new solution
that only you know about opensus up to a lot of risk.
Is it?
Is it that mentality of likereverse engineering that you
know, you think like paysdividends in other areas of
technology and whatnot?
Speaker 2 (12:59):
So let's say it's 200 units so, for example.
So if you try to compare it toa standard company, the way they
are working, so we havecommanders that you can compare
it to your boss, so it's verysimilar.
It's more civilian than otherunits in the military.
On some domains, you need to bevery creative.
(13:24):
On some domains, you need to bevery creative.
On the others, you havelong-term projects that you're
working on.
It can be a few years, withmany people working on them, and
you have a very clear scheduleof what you're going to do.
So it really depends on whatyou're doing.
Again, this is the biggestthing with the idea.
So that really depends on whatyou are expected to do.
(13:48):
You can be either creative orthe project.
Either way it's veryinteresting.
Speaker 1 (13:54):
Yeah, yeah, absolutely.
So when you got out of yourschool right, the MIT of Israel
and whatnot where'd you go fromthere?
Where'd you find yourself?
Speaker 2 (14:05):
So I worked for the Tech Union.
I was like one of theprofessors in computer and
graphics actually.
So I think I was one of thefirst professors in the world
that touched programmable GPUs,and we did it for research.
(14:25):
And then I started my first jobin this domain.
I worked here for two years.
I joined a startup right afterthe founders raised money.
My first job was an R&D managerof a very small startup that
did very sophisticated thingswith computer graphics on mobile
(14:49):
phones.
Back these days it was, I think,six, seven, something like that
no iPhones, no Android phones.
Iphone was not launched yet.
We worked on similar devices.
You mentioned it before.
(15:11):
Like an ancient history.
It was only, I mean, 16 yearsago, something like that.
30 years ago we didn't have anyiPhones or Android devices.
So I worked then and then, witha friend of mine, we had an
idea.
(15:31):
Smartphones sort of became athing, and if you remember
smartphones for example, symbian, if you remember by Nokia they
were very complicated for users.
I mean, if you want to set upyour email, if you were not tech
(15:53):
savvy you couldn't do it andsmart home started to become
more and more popular.
Again, that's only thebeginning of iPhones and Android
and we had an idea that thoseusers needed some help from the
support center.
So why wouldn't we give themsome help or the call center
help by remote controlling thosesmartphones?
So the customer is calling thecall center and the agent is
(16:21):
able to remote control hissmartphone and do the job for it
.
So we did that.
We founded our own company andraised money and went to some of
the call centers in the worldin Israel, in India.
We also had a pilot with AT&Tin USA and I was in this company
(16:44):
until three years ago.
But this company did some pivotduring that time.
So it started to offer somemanagement solutions for
enterprises like MDMs andeventually this company
completely pivoted.
What the company is doing anddid a secure operating system
(17:11):
for enterprises.
But the focus was about, Iwould say, connecting devices
and equipment that needs securecommunication.
I'll give you an example.
So let's say you have apacemaker and you get you know
in the operating room.
This pacemaker is coming with asmartphone today.
(17:33):
So the pacemaker is implantedand it is connecting via the
smartphone to the manufacturerfacilities.
So originally thosemanufacturers they used
off-the-shelf devices likeSamsung.
(17:54):
There are some that are stillusing.
The idea was to curate thedevices.
That is dedicated for thismission.
So we need to be secure, weneed to be managed in a way that
you know we have a fleet ofdevices, so we need to be secure
.
We need to be managed in a waythat you know we have a fleet of
devices and you need to have,like, a long-lived supply chain,
because you know consumerdevices, they're manufactured
and then after a year, you know,no one is manufacturing them In
(18:16):
the medical industry, thinkingabout pacemakers and insulin
injectors.
They're long-lived and they,you know, proceed to approve
them via the FDA.
So this is what this company isdoing.
It's actually still doing ittoday With AT&T, by the way, for
some of their end customers,but for me it was, you know,
(18:40):
after so many years there.
And then we had the idea, youknow, we want to make a real
private, secure phone for theend users, not for enterprises
or governments, which is what wedid in my previous company, and
I think the focus is not onlyprivacy and security but also
(19:02):
making everything convenient,because what we discovered, you
know, in my old company, is thatwhen you know, you know users
were interested in a product,but you need to be very have
very technical understanding ofhow to operate a device that
(19:22):
doesn't have the convenience ofa normal smartphone.
And then we decided to foundUnplugged.
So Unplugged was like a certainevolution of what I did before.
I gained all my experience withboth hardware and software from
my old company and, besidesthat, I know there were a few
(19:45):
attempts to do such a smartphoneexperience with both hardware
and software from my old company, and we decided to do.
You know, I know there were afew attempts to do such a
smartphone and we tried toanalyze, you know what, why
those companies didn't make it.
I mean, there's clearly ademand for some products, but
they were not very successful.
So when we tried to analyze andunderstand you know, do we need
to found this company?
(20:06):
We understand that severalthings were changed in the last
few years.
The first thing is that privacymatters for many users much
more than before, because theyare realizing how their data is
collected, shared, monetized,and there's a lot of awareness
(20:27):
for such products.
Another thing is that, unlikefive, six, seven or ten years
ago, for a small company it wasnearly impossible to create a
good hardware because the supplychain was very different.
(20:48):
All the big manufacturerscontrolled the hardware.
They had access to the high-endhardware which small companies
cannot even finance.
But today small companies canbuild their own smartphone from
scratch.
I mean, you still need somefunds to do it, but it is
(21:08):
possible.
And if you notice today youknow if you have your latest
iPhone or Samsung device, youwant to convert to the new
version of the hardware.
There's not much of adifference between every year.
Speaker 1 (21:24):
Yeah.
Speaker 2 (21:25):
I mean like almost nothing, yeah, version of Diablo
.
Speaker 1 (21:27):
There's not much of a difference between every year.
Speaker 2 (21:28):
Yeah, I mean like almost nothing.
Yeah, it's more on paper thansimply you can notice.
I mean the software is almosteverything.
So, yes, you can maybe get aslightly better camera or a
faster CPU that no one willnotice, except if you're a hard
gamer or trying to do somethingthat you don't need to do on
your smartphone from a CPUperspective.
So that gives the opportunityto do it.
(21:50):
But the third reason I thinkthat all previous attempts were
failing is because the userexperience was not good.
And basically, creating aprivacy phone means that you
must not have Google on yourdevice.
It's a difficult device andthat is very inconvenient.
(22:11):
Yes, so even for those usersthat want to understand the
importance of privacy, havingsuch a phone is very
inconvenient and if you see thepure extent, it's not a usable
device.
So we realized that our missionis to create not only a privacy
(22:32):
in a private and secure phone,it's to create a convenient
somewhere that no other user canuse.
During this path we alsorealized you know it was obvious
for us that the USA market isthe biggest market for such
devices.
We're going to launch it oninternational territories later.
(22:54):
We realized that you know weneed to do something really good
here.
So in USA what you see is thatyou know most users are most
customer consumers are buyingtheir phones from carriers and
even that transition from buyinga device from carrier to the
open market is a challenge inUSA.
(23:16):
You know everyone in the worldnot everyone else, but most
places in the world take Europe,for example you can see a big
part of the market is buyingfrom the open market.
I mean not from the carry.
We just realized that you knowmany consumers don't even know
what a SIM card is.
So realizing that that's a bigchallenge for us and this is
(23:40):
what we're trying to achievecreating a convenient phone,
secured phone, private phone andfocusing on the support and
doing the transition.
Speaker 1 (23:56):
So let's talk about that a little bit.
Right, let's dive into this.
You know, when I was getting mymaster's in cybersecurity and
one of the courses was mobilesecurity, right, and we were
really comparing, I was gettingmy master's in cybersecurity and
one of the courses was mobilesecurity, right, and we were
really comparing thearchitecture of Android to
iPhones and this was back in2018, you know.
So I'm sure it has changed someat this point.
(24:16):
Probably, honestly, it'sprobably more on the Android
side than the iPhone side, right, because iPhone focused more
specifically on, like, supplychain security to some extent,
right, having their own chips init and whatnot.
But a part of this course wasto actually, you know, find a
vulnerability.
It could be already known,could be whatever.
(24:37):
It is right, find avulnerability, exploit it on the
device of your choosing, and soI wanted to make this a little
bit difficult, right, I want tomake it a little bit challenging
and I wanted to find avulnerability, you know, with
Bluetooth on an iPhone.
Right, found the vulnerability,tried to exploit it.
I spent 36 hours trying toexploit it, something that was
(24:57):
never going to work because,basically, apple did a silent
security update, literally twoweeks before I started trying
this thing, and it was literallyfor this Bluetooth exploit.
I go and I attempted on Android.
Within you know, maybe 15, 20minutes, I have root on the
device and I'm able to controleverything about the device,
(25:18):
right, like that was.
That was a huge difference tome.
That was a huge eye opening.
You know, kind of event, right,maybe, and I'm a terrible
hacker, I mean, like, I don'teven claim to be a hacker, like
you know, if anyone were toapproach me at, like, def CON or
something like that, right,like I am not doing capture the
flag events or anything likethat, like you know, I'll go
(25:41):
watch, right, but I, I'm not,I'm not over here trying to hack
stuff.
But that that experience,though, even knowing, you know,
having that self-awareness, likehey, I'm not good at this, this
isn't like my forte in securityfor it to be that easy with
android it kind of swayed memore heavily even towards iphone
(26:01):
.
And the reason why I went fromAndroid to iPhone, you know,
probably 10 years before that,right, what was?
Because of the ease of use,right, I had a very bad
experience with Android.
I was downloading things fromthe Google Play Store that had
malware on it.
It had millions of downloads,right, like the Facebook app.
You know, the Facebook app hadmillions of downloads, or
(26:22):
whatever it was when I had anAndroid.
I'm downloading the Facebookapp.
You know, the Facebook app hadmillions of downloads, or
whatever it was, when I had anAndroid.
I'm downloading the Facebook appand it has malware in it, right
, and this malware is likeimpacting my device pretty
significantly, like theperformance is insanely
decreased.
You know everything about it,right, and so I, with that
experience and I even talked tolike Android support at the time
(26:45):
and said how the hell is thishappening?
This has happened three timesto me.
I'm literally going to your ownPlay Store and downloading it
this is even before me gettinginto cybersecurity and they're
saying well, you're downloadingit.
It has malware in it, yeah, andthere's no way to tell, and I'm
sitting here, like Google, it'syour Play Store.
You don't have a way of tellingif it has malware in it.
Speaker 2 (27:10):
So you touched so many interesting points.
I try to remember what you weretalking about, but let's start
with that.
So you're talking about maybe10 years ago, right?
So back these days, apple wasvery close.
You could not do much on theiPhone as a developer.
On the other hand, google hadeverything open.
(27:33):
I mean like almost everything,and that not only means from a
developer perspective what youcan do on the phone, all the
APIs, but also in terms of theGoogle Play Store.
You can upload an applicationto your store.
No one will even verify that.
No one will look at it on theapp.
(27:53):
They're not even automaticscanning of the apps.
Permission usage was if youcould use it, then you could
upload it to the store.
Both Google and Apple did somechanges.
So Apple became a little bitmore open.
They gave the developers moreoptions.
(28:14):
On one hand, google startedbecoming more secure in their
place let's talk about Androiditself in a second.
But today it's harder to uploadan application to Google.
There is some verificationprocess for you as a developer
for your app.
They restricted a lot of thingsthat you can do with your
(28:36):
applications.
Permissions were downgraded.
I mean you cannot do anythingthat you want to do as you used
to be and the whole operatingsystem is becoming more secure,
but again, we'll talk about itlater.
So things are changing all thetime and in the case of Google,
(28:59):
they also have the problem ofthe large device variety.
So you have so many devices outthere, so many versions of the
operating system, and they hadto do some work in order to make
sure that those that are outthere can maintain all the
(29:20):
security updates.
And they did a good job thereto be better and give the
manufacturers better support inupgrading the operating system,
making the upgrade easier forthem.
We see it's not by ourselves.
So we launched our operatingsystem based on Android 13.
(29:42):
We are updating to Android 14this year.
The process is not very hardfor us, even though we did many
changes in the operating systembased on Android system for more
security and for our needs, andit looks much better Now, if
(30:03):
we're talking about the Androidoperating system, android used
to be very light back these days.
You know we are devicemanufacturers, so we are in
charge of the operating system.
I see the Android source.
Actually, anyone can see theAOSP tree.
We see the old BSP tree,including the drivers and
(30:26):
everything and that is becominga huge piece of code, and most
of the changes are related tosecurity, and more and more
layers are added to prevent, tomake the operating system more
secure, what is exposed to otherapps, for example, something
(30:50):
that used to be very open, evena few years ago, now much more
close Stuff like that.
That permission mechanism wasevolved.
What person is giving tobuilt-in applications on the
phone?
So Android has become like ahuge monster and many code
(31:15):
changes are made in the Androidoperating system to support this
agenda.
Having said that, the more codeyou add, the more
vulnerabilities that you canpotentially enter the operating
system.
That actually brings adifferent topic, because we
discussed about iOS versusAndroid.
So iOS is a closed source andAndroid is not, and many
vulnerabilities are discoveredbecause it's an open source on
(31:36):
one hand.
On the other hand, apple closedsource policy prevents someone
from you know, take a look inthe source code and find
vulnerabilities.
So I assume that potentiallymore vulnerabilities exist on
Apple, even though probably theyare much harder to be found.
Speaker 1 (31:55):
That's interesting.
Yeah, that is fascinating.
You know, the last time Ilooked at like the device
architecture of iPhone versusAndroid, right, just kind of an
overarching architecture, youknow, it seemed like the iPhone
kind of protects the user fromthe user, right, like they have
(32:17):
sandboxes for their apps, theyhave sandbox for their user
space, they have it separatedfrom the operating system, even,
right, and there's veryspecific like keys that you have
to use to unlock each of thosecomponents and whatnot.
And you know, even, like if youwere going to, you know, take
it, take your iPhone right to anApple dev and say, you know,
(32:40):
open a terminal and troubleshootthis thing, like they would
have to have a very specific keywith a very specific you know
cable that's plugged into it,probably within the geofence of
you know Apple campus andwhatnot, right, all of those
things have to line up for themto be able to do that, which I
mean, at least from my opinion,right, like I haven't seen it
(33:01):
from your side, wherepotentially you're actually
actively thinking of new ways toexploit devices.
Right, because I mean, that'sprobably how you, you know,
built unplugged to some extent,right, like it's like, well,
what's what's available rightnow to exploit devices and
what's coming in the future toexploit devices.
I don't know it from that angle, but at least from my angle, it
(33:21):
seems like, okay, iphone getsme, you know, 85, 90% of the way
there in terms of security.
So I'm going to go with thatright.
And then I heard about theunplugged device, which was very
tempting to me.
Right, because I don't know ifyou've listened to the podcast
very much, but right beforeRussia invaded Ukraine, right On
(33:44):
the podcast I was calling outRussia, right when everyone else
was saying, oh, it's a warexercise or whatever it is.
You know, it's like, hey, theyhave tanks on the border for a
reason, like they're not justamassing to amass and they're
not doing this war exercisedirectly on the border for no
reason.
You know, I was activelycalling them out and I do the
(34:06):
same thing with China andwhatnot.
And it was interesting,literally the day that Russia
invaded Ukraine, my podcast gotblackholed or blacklisted in all
of Russia, china, Iran,basically all enemies of America
and Israel, they all justblacklisted my podcast
immediately.
Oh, it wasn't a substantialportion of my traffic, but it
(34:27):
was enough for me to be like Iused to get 15% from Russia and
now I get nothing, you know.
So it's like okay, you know soit's like okay, you know, that's
.
That's a substantial difference.
And very, I guess, veryinterestingly, right at the same
time I started getting very,very odd attacks, you know, on
(34:47):
my, on my PCs, on basically anyPC that was at home, which was
very interesting to me because Ihost a podcast.
Right, like, what the hell am Igoing to do?
How am I even, like seen aslike a threat to the state of
Russia or China or anything likethat, like you're literally
wasting resources, even if it'san automated script that you're
running, you're wastingresources trying to like get at
(35:11):
me, right.
And so that's when I started tokind of go down this whole
rabbit hole of how do I securemy devices?
Right, like, how do I?
I need to have a secure devicethat I can, that I can use if I
need to, that I can ensure isforever secured and in my
benefit.
And so that's how I kind ofstumbled on the unplugged device
.
So I say all of that right tokind of pivot, almost right, and
(35:35):
build a little bit of contextaround device.
So I say all of that right tokind of pivot, almost right, and
build a little bit of contextaround it.
So, the devices that we'recurrently using iPhones and
Androids do you think that theirprice would be even more
significant than they are todayif they were not selling our
data?
Yeah, which is yeah.
You think it would be?
How much more expensive do youthink it would be?
(35:56):
Like, what's the difference?
Speaker 2 (35:58):
So I think we did some math and I think the rough
number that Google's making onlet's say, I don't know the
Apple's number exactly, but Iguess they're similar, maybe
even more so we approximate Ithink you find some, some proof
or evidence for it that theymake about 150 to 200 every year
(36:23):
from you just for holding asmartphone that you know
manufactured by apple or googleso they're making 150 just from
me having the phone.
Speaker 1 (36:34):
Yeah Right, that's kind of like the default, that's
like the default usage of thephone, without really even like
clicking on different ads andstuff.
So this is not oh so are theybuilding enough, yeah, okay.
So are they building in a feewhen I Google a product, right,
like well, let's say, like overthe weekend I bought like a
(36:56):
torque wrench for my car, right,when I Google torque wrenches,
is Google getting a fee fromApple or Apple's getting a fee
from Google?
And then when I go to Amazonfrom that link in Google is like
Apple getting another fee fromAmazon Because I went to their
link on their phone.
Is that how convoluted it is.
Speaker 2 (37:19):
First, I think Google is paying Apple for being a
default search in their device.
It's one thing, but you shouldthink about private data, not
only about your searches,because the search can be done
on a private phone, but let'sthink you know your location
date.
So location even not talkingabout your specific location, I
(37:41):
mean your location as acollective data of locations
that can be sold to data brokersfor different purposes, so they
can make money from it or useit for their own product, to
build new products.
So this is one thing.
Let's see one of the challengesthat we have.
For example, we are the Googleshow, so we don't have the
(38:04):
luxury of using Google networklocation services, which is a
location service that is builtfrom user data, from their Wi-Fi
hotspots locations, for example.
Think about anything thatyou're doing on the phone that
is not related directly to whatyou're using, that everything
(38:27):
can be used for Google or Appleproducts and that can leverage
other skills.
So, um, I mean the number ofopportunities just being on your
phone as a infrastructuresoftware is, you know, infinite.
That's it so okay.
Speaker 1 (38:50):
So that is really fascinating and I think I have
like two major questions from itright, hopefully I don't forget
one of them From theperspective of Google getting
device location right.
So when I upgraded my iPhone, Iupgraded a couple of years ago
iPhone 14, I typically likeupgrade every four to six years,
(39:12):
you know, because kind of likewhat you said right, like
there's not like a giantperformance difference.
I'm not going to notice it, I'mnot going to feel it.
It's kind of timed with whenthey stopped supporting the
phone.
It's like, okay, I guess I haveto upgrade Right, cause I'm not
that big of an idiot.
You know to where I'm going tohave like a super old phone and
can't patch it.
But when you upgraded to therecent probably you know ios
(39:36):
right, it gave you the abilityto it.
It at least gives you the feelthat you're limiting.
How much these apps can you know, gather on you right, google
being a great example?
I mean, I'm sure someone atgoogle is going to be pissed off
at me if they hear this right,right, but you know like when I
got, I just remember, right inthe search app, it like asked
(39:59):
for my location information.
Denied, it went into the Nestapp Nest owned by Google and
sorry about that.
Nest requested my, my locationinformation.
Right, so I said yes to thatbecause because obviously I want
to run a more efficient home,you know I don't want a giant
electricity bill.
Nest does that thing.
You know that deals directlywith that.
(40:21):
I wonder if they're thenleveraging that permission of
saying he allowed us for Nest sowe're going to do the same
thing for, you know, googlesearch locations and whatnot,
which would actually kind ofmake sense for what I
experienced recently when I wentto a.
So I live in a blue state herein America and I mean, like
(40:42):
typically that's not evensomething that you like have to
say or like mention or anything,but it's so divisive or
divisive, you know, like now inthe world it's like you have to
build that context in.
So I live in a blue state andwhen I went to a red state, I
was bombarded with like leftmaterial, right, left, centered,
(41:05):
left, focused material.
I'm completely bombarded withit to the point where, like I
thought something was wrong withmy phone, right, I thought
something was wrong with mydevices because it was so off
the wall from what I'd normallysearch.
It makes me like recalibrate,like well, how are they actually
getting that info right?
(41:25):
Like, are they just getting itfrom GPS information?
Because, like that's such aloaded topic, it's such a loaded
you know loaded thing to diveinto In your opinion, in your
own research, because you'rebasically the expert in the
field.
Is that what they're doing?
Are they kind of leveragingthat access in one area to be
(41:46):
like, well, it's a Googlecompany, we're going to do it
over here too.
Speaker 2 (41:51):
First, specifically for the Nest, I'm not sure I
need to read their.
You know terms and conditions,but you know, think about, let's
say, you don't want to shareyour information, your location
data, your inaccurate location,can still be accessed through
several methods.
For example, you know, if youknow the Wi-Fi MAC address that
(42:15):
you're connecting to, they canget to your almost exact
location, I mean as an appdeveloper, for example.
So that may be or may not beblocked in a specific app, but
certain apps can access it.
But I think I have a goodexample and about maybe that you
know, I think I have a goodexample about maybe that will
(42:37):
give you some evidence aboutwhat those companies are trying
to do and how apps developers or, let's say, those data brokers,
are bypassing.
So I want to talk about theAdvertising ID.
You know it was a few years ago.
Everyone had it.
It was Apple, google.
(43:01):
Apple blocked it.
You know, blocked the data fromFacebook.
Google even, you know, decidedthat.
You know it would not bemandatory.
You can even disable it.
That should be enough to cut orto stop the efficiency of the
add-in industry.
(43:21):
So, add-in industry are youfamiliar with the add-in
industry?
Maybe I'll explain.
So the add-in industry is acybersecurity hacking domain
that allows a very effective,cost-effective, actually
targeting, profiling and gettinginformation about people.
(43:44):
So the idea is that, let's say,I want to know your location.
All I need to do is to do someadvertisement campaign that
targets your profile.
I know your age or, I would say, approximate location I mean
which city you are, what is yourinterest and then I send some
(44:06):
advertisement data to containyour location and then I use
this information that I gatheredfrom this campaign to know your
specific location, for example.
Let's say, for example, I getlike 1,000 hits that you know
this campaign was.
You know 1,000 people that thiscampaign hits in your city.
(44:32):
I know where you're living.
I know where you're working.
I see only one person withthose two locations.
I know where you're living.
I know where you're working.
I see only one person withthose two locations.
I know it was you.
They can trace back all yourlocations.
So, given that you don't havethis head ID, this industry
should now be blocked.
But that's not the case becauseI can still profile you from
(44:56):
other data on your device.
So if I know, you're not evenneed to know.
I need to get your device model, some other characteristics of
your phone, a few that those adscan get, like mobile carrier
and some other parameters.
I can narrow down thoseparameters like 9, 10, 11
(45:19):
parameters and gather all ofthem together to give an ID,
like a fake ID, to your device.
So, even though Google andApple are trying to blow up and
give more secure products in,essentially you know there is
(45:42):
some okay, because you knoweventually it will not allow all
the apps to the way they should.
So the into the apps haveaccess to the system, to the
data on your phone.
You're onto the applicationtool.
So, yes, they're doing a lot inthis area, but that is not
enough, especially for thoseattackers that you know will
(46:06):
find any way again, even withouthacking your phone, to get
information about.
Speaker 1 (46:12):
That's really.
It's interesting.
You know, I feel like peoplealways had the mentality it's
maybe a legacy mentality, rightwhen they have to, like, hack
your actual device in order to,you know, gain information or
track you or whatnot.
It seems like they don't evenhave to hack your device anymore
.
They just have to pay a databroker to get whatever they want
(46:36):
.
Right, I mean like, and with Imean I I guess with, from what
you were saying.
With iphones, with androids, youknow, it's basically impossible
to to block that stuff.
Right, because it's almost likeapple gives you the illusion of
privacy and I I mean pleasecorrect me if I'm wrong Right,
(46:58):
but it seems like they do a bitof a better job than Google
overall, right, if we're not, ifwe're not thinking of this, you
know, data broker side of it,right, it seems like they do a
good job overall of protectingtheir users from themselves,
protecting their devices.
You know, ensuring privacy, tosome extent, it seems like they
do a good job of it, but youknow, it's like it's difficult
(47:22):
because it turns into asituation where one you know,
I'm I'm a security person, I'mmore aware of it than you know
98, 99% of the population.
How in the world is you knowsomeone of the population?
How in the world is you knowsomeone like my parents, you
know, in their, in their 50s,60s, right, they're never going
to know the difference, they'renever going to think about that
(47:44):
or anything like that, and soyou need a device that's doing
it, you know, automatically.
Because if, like you said, ifapple were to actually make that
change on their device, like 95, 99 of the apps on their device
wouldn't even work, apple wouldhave to go into the business of
recreating all these apps youknow themselves to make it work
on their device yeah, actuallyit's.
Speaker 2 (48:07):
it's opposed to their business model.
It's just opposed to thebusiness model and you, you know
, we created in the app phone.
One of the biggest things thatwe put on the phone is a
firewall that blocks trackersand ads, not only in the web
browser, also in the apps.
So, you know, trackers most ofthe apps have trackers.
(48:33):
Some of them are, you know,legit, like from the developers
to collect some data about theusage of the app.
Some are for just selling thedata and, by the way, our new
antivirus version that we'regoing to release later this
month will show this informationfor use.
(48:54):
You can install it also onregular inverse phones.
This information, by the way, ispublic.
I mean, most of the users donot know how to access it.
They do not know that theyshould, you know, track those
trackers or even have trackers,and antivirus is not even
showing this data because theyare failing in this area too.
They have some trackers bythemselves.
(49:15):
So this is one thing.
Another thing is that, you know, regarding Apple versus Google
in terms of software.
So, when you spoke about hackers, I think so, if you know
Cetabright, cetabright, they areproviding for government
(49:37):
agencies the ability to hack toyour device.
So if they have a criminal'sdevice, they can hack into the
device and collect data.
So there's a leaked documentfrom Cellebrite of the brightest
about maybe five, six monthsago they divided the, the
categories for android, iphonesand uh, generally speaking, I
(50:01):
think.
I mean they don't have thesolution for the latest iphone,
but you just risk three days forthat.
From my experience, they arealways have the ability to hack
into the and also to mostAndroids, and they had a very
(50:21):
nice section separated just forGraphene OS on Pixel devices and
it's a separated section andit's clear that Graphene OS on a
Pixel device is more securethan any iPhone or Android
device.
So that's very interesting forus.
(50:45):
Of course, our understanding isthat Graphene OS is not
accessible for most of the users.
They cannot just do a Pixelphone and flash the device.
But there are ways in software,similar things that we are
doing, to protect you and an enduser.
Speaker 1 (51:04):
So what's the OS that the unplugged device is running
?
You said that it wasessentially Android 14 on the
back end.
What are you calling yourbranch of Android 14?
Speaker 2 (51:16):
So it's LibertOS or Libertos, so it's a variant of
Android.
It's based on a very cleanversion of Android.
We don't have any Googleservices.
We strip everything off fromthe operating system and then
build on top of the operatingsystem.
You know our security andprivacy, so it's a standard base
(51:37):
.
Speaker 1 (51:37):
That's really fascinating.
You know, I wish we had moretime, but I always try to, you
know, stick to the time limitthat I give everyone, so you
know before I let you go.
How about you tell people wherethey can find you if they
wanted to reach out and learn?
You know, maybe connect withyou right, and where they can
find your unplugged device?
Speaker 2 (51:56):
Yeah, so unplugged is available at wwwunpluggedcom.
Just search for unplugged onany search engine.
You can buy the phone today inUSA, canada.
The phone, by the way, iscompatible to most networks
around the world.
(52:16):
We're just now selling it inUSA and Canada only because of
certification and logistics.
We want to expand.
Actually, we're starting ourEuropean certificate right now,
so our next big market will beEurope and you can actually
reach us also in the appmessenger.
So the app messenger is oursecure messenger.
(52:38):
You can download for anyandroid or iphone device.
Now we have some.
We have a group there, like wecall the early adopters group,
and some of us, including me,are in this group.
So you can reach us there.
And we have live agent support.
That you know from our apps andalso from the phone.
(53:01):
You can reach our support and,you know, ask questions.
We have a lot of information onour website.
We'll try to bring more andmore information there.
The more we ask, the more weput.
But again, the FAQs section isquite big already, so you can
find.
Speaker 1 (53:22):
Yeah, perfect.
You know, ron, like I reallyappreciate you know you coming
on the podcast.
This is a really fascinatingconversation.
I definitely want to have youback on in the future to kind of
continue our conversation evenand do a part two it was great.
Yeah, yeah, it was fantastic.
I really appreciate it.
So you know, thanks for comingon, of course, and I hope
(53:43):
everyone listening or watchingenjoyed this episode.
Bye, everyone, bye.
Thank you very much, thanks.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!