Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
0:54
How's it going around ? It's , uh , it's great
0:56
to get you on the podcast . You know , we kind of put this
0:58
together I guess , for my standards
1:00
, right for scheduling a guest . We put it together
1:03
like last minute , even though it was like two months
1:05
ago , yeah , at this point . But
1:07
like at this point in time , like
1:09
with the podcast , it's interesting
1:12
, right , because I always want to get
1:14
people on like as quickly as possible
1:16
. But then I I look at my backlog and I'm like
1:18
, well , shit , like their , their
1:21
episode wouldn't even go live for six months . So
1:23
it's like , okay , we got to push this out . You know a bit
1:25
like make it more reasonable and whatnot . But
1:28
yeah , it's a real , it's a real pleasure and
1:30
honor to have you on the podcast today .
1:32
Thank you . It's very nice to be here , nice
1:42
to , to , to have the opportunity , uh , to present me and the company and be in this
1:44
podcast .
1:44
Thank you , yeah , yeah , absolutely . You know , for , for those
1:47
, for those not very familiar
1:49
with the podcast , right , and how we kind
1:51
of structure it , you know , I , I get guests
1:53
pitched to me every single day , right
1:56
, every single day someone new is pitching me . This
1:58
time , right , I actually pitched you to
2:00
come on the show , and when I do that
2:03
, I don't do it very often , but when I do that
2:05
, you know , it's because you do something really
2:08
interesting . You've created something really interesting
2:10
that I believe in personally
2:12
, right . So I start everyone off
2:14
with kind of giving their background . What made
2:17
you want to get into cybersecurity ? What made you
2:19
get into IT ? Was there a point in time
2:21
where you know , when you're looking back , you're like , oh
2:23
, that experience with my dad
2:25
or my older brother , whatever it might be , with
2:28
this computer kind of opened my eyes to
2:30
the world of technology . You know , what
2:32
would that be for you ?
2:34
So I think
2:36
everything started , you know , in the military service
2:39
. I served in the Israeli military
2:43
, in the IDF . I was in the 8200th
2:47
unit , if you're familiar with it , which is the technology
2:50
intelligence unit . That's
2:52
where everything started for me . Then
2:56
I went to the Technion to have my degree
2:58
, which is equivalent
3:00
to MIT , to do the
3:02
comparison , and so
3:05
that's where everything started for me
3:07
. Wow , yes
3:09
.
3:11
So was there any
3:15
interesting projects
3:18
or things that you could , you
3:21
know , kind of discuss a little bit like in loose
3:23
details , right ? That you did when
3:25
you were , you know , in the IDF
3:27
group . I've had a lot of you guys on
3:29
and it's always interesting to
3:31
just hear the specialties and like
3:34
how broad the specialties are right , Because
3:36
Israel is known for
3:39
having top-tier cybersecurity
3:42
talent within the
3:44
military component and whatnot . It's
3:46
always fascinating to me .
3:47
Yeah , so first , we're talking about
3:50
over 25 years ago , so it's a long time
3:52
ago . But
3:55
in the IDF regardless by
3:57
the way , which guns , by the way which you are you are
3:59
there to be independent . So
4:02
you are starting to getting
4:05
mature much faster than I think anywhere
4:07
else , because you get a
4:09
lot of responsibilities again , whether
4:12
you're in the field with guns or
4:14
whether in the back office with
4:16
the technology . So I
4:18
think that's a great advantage
4:21
for Israeli , even though it's a mandatory
4:23
service for everyone . But
4:25
it also
4:27
gives you life experience very
4:30
early . So I think and
4:32
it's well discussed in many places
4:35
about why Israel is
4:37
a startup nation , so a
4:39
big part of it is the idea . So
4:42
the idea . I cannot really talk about what I did there
4:45
, but you can understand that
4:47
we're talking about cyber
4:49
projects that
4:52
get your experience . Again , we're talking about almost
4:55
25 years ago . It
4:59
only changes all the time , but , uh , um
5:02
, the same thing that you know . Give me a
5:04
really , really big push , uh
5:07
, in this field yeah
5:10
, it's fascinating .
5:12
You know , man , I , I
5:14
was , I was with a friend over this weekend
5:16
, right , and uh , they , they
5:18
had their like seven or eight year old there
5:21
we were watching a football game and
5:23
you know , we we brought
5:25
up like , oh , that was 20 years ago , right
5:27
, and it kind of felt like , kind of felt like yesterday
5:29
. Honestly , like I , I remember I remember
5:31
that time frame like very well , it was
5:33
a lot of fun for me and you
5:36
know , we were talking about it . You
5:38
know it was like in 2005 , right , we were talking
5:40
about like this thing that happened 20
5:42
years ago and their kid was like wait
5:45
a minute , that's 20 years ago
5:47
. And we're like , wait , what
5:49
, what don't
5:51
say that . And then , two , you know
5:53
that that's like crazy , that we're like , you
5:56
know , thinking about this memory , right , that
5:58
we experienced 20 years ago and it's
6:00
still so fresh in our minds and whatnot
6:02
. Yeah , it's
6:04
interesting how that kind of could
6:07
translate , you know , potentially to like technology
6:09
, right , because , like the things 20
6:11
years ago , you typically think that those are , like
6:13
, you know , dead
6:16
pieces of malware , right , or dead pieces
6:18
of technology just overall , but
6:21
some of that stuff , some
6:23
of that stuff , surprisingly , is still
6:25
around , right . I
6:28
mean , is that true ? Maybe
6:30
I'm wrong . Maybe they tweak it so much that it's
6:32
no longer the same thing . What's
6:35
your opinion on that ?
6:36
So that really depends . You know what
6:39
kind of technology I mean . You
6:42
see today that you know technology evolved really
6:44
fast on one end or the other and
6:46
some things are still traditional
6:48
. So that
6:50
really depends . You
6:53
know , talking about maybe traditional areas
6:57
where technology you know improves
6:59
a little bit slower , especially in the
7:01
military , medical stuff
7:03
like that , more
7:05
conservative domains
7:09
, I think they are getting even faster
7:11
today . So everything gets
7:13
really fast .
7:17
Yeah , yeah , that's very true . I mean , like today
7:19
, you know , for instance , we have the Apple
7:21
event , right , and , like you
7:24
know , I'm sure that new chip is going to be
7:26
10 times , 15 times
7:28
faster than the one I have in my
7:30
laptop right now , which was like their first
7:32
gen Apple Silicon . You know , yeah , it's
7:36
fascinating even to see . You
7:38
know , I'm on the technical side of it , right
7:41
, so it's fascinating when
7:43
I see , like these software , you know , manufacturers
7:45
, or even hardware manufacturers , and they
7:47
have , you know , the capability
7:50
to still have that old
7:52
piece of software running on their machine , it
7:54
like intrigues me a little bit . It's
7:56
like , man , like how did they think this
7:59
through to have , like these , you know , these plugins
8:01
by default and these languages and what not
8:03
, like pulled in libraries and whatnot
8:05
. It's , it's fascinating
8:07
, right , but we don't have to go down that
8:09
rabbit hole , right , like we'll , we'll talk about that forever
8:12
. When you were , when
8:15
you were getting out of the IDF , you
8:18
was that like , did
8:21
you have trouble finding your next
8:23
thing ? And I ask that because , in America
8:25
, when I talk to these guys from
8:27
the NSA and from the CIA
8:30
and whatnot , they can't
8:32
talk about what they did for like five to
8:34
seven years right . So they have to like
8:36
fabricate their experience
8:38
, they have to fabricate their history right
8:41
and hopefully find a job and if
8:43
they make it past like that seven year mark
8:45
, you know like they're able to like kind
8:47
of open the door into like oh yeah , I was
8:49
a spy , or oh yeah , I hacked , you
8:52
know , for the NSA and things like that . Is
8:54
that the same kind of , I
8:57
guess , mentality in Israel , or
8:59
is it different ?
9:01
So back these days it was very clear for
9:03
me that you know , after I finished the military
9:05
service , I go
9:07
to the Technion to get my
9:10
degree . I think that it's
9:12
a little bit different today , because it's
9:15
getting really hard to get to
9:17
those units today and
9:20
if you're good at what you are doing , you
9:23
don't need to have any degree . You can just find
9:25
a job and since
9:27
companies in Israel are full of
9:30
employees that went out from
9:32
these units , you can discuss
9:34
a little bit about what you did and
9:37
you can go directly from the military
9:40
service to work without even having
9:42
a rebound . You know , 25 years ago this
9:45
, I'm not having it again . I think that for me
9:47
, gave me a
9:49
more mature academic
9:51
background for what I'm doing today
9:54
. And I
9:56
think you know there's an increasing demand for software
9:58
engineering all over the world , especially
10:01
in Israel . You can see
10:03
, even I know , that big
10:06
companies , even Google , Facebook
10:08
, Apple that have big offices
10:11
in Israel , they have a
10:13
list of many open
10:16
jobs for a long time . So
10:19
it's not about software engineers today and this is why
10:22
you know employees , many of them are
10:24
jumping directly from the IDF
10:26
. They can't enforce to
10:28
direct employment with those
10:31
giant or other sort of means . So
10:34
that's the difference . It's getting
10:36
a little bit different
10:38
than it used to be huh , yeah
10:41
, that is .
10:43
I mean I'm sure that , like
10:45
all of those big tech companies , would
10:48
you know , market their
10:51
services , their opportunities in Israel
10:53
. Just it being such
10:56
a such
10:58
a plethora , right
11:00
of good experience , right
11:02
, high skill sets and , like you said
11:04
, like the 8200
11:06
group , it's becoming more and more difficult
11:08
to get into it . Right
11:10
, like that is maybe
11:13
the most elusive thing . Right , like
11:15
the same thing in the States here . Right , like with
11:17
the NSA , the CIA , like if you
11:19
say that you were a hacker for
11:21
the NSA , I mean people will
11:23
, will fire their entire red team
11:25
for you . Like they'll , literally
11:28
, they'll just give you whatever
11:30
you want . It's like , oh yeah , I don't like working
11:32
with this guy . Okay , he's fired by the end of
11:34
the day . What else ?
11:36
Again , the industry in Israel is not only
11:38
subsidiary of Ford . There's
11:42
a big variety of software companies
11:44
, especially software companies , also other companies
11:47
in Israel . It's important , yet not
11:53
the biggest domain in Israel
11:55
.
11:56
So why do you think that that
11:59
is right you kind of touched on it a little bit before
12:01
where , when you're in the military
12:04
or in that group , you get the opportunity to
12:06
kind of decide your own
12:08
work right mentality
12:20
, where you're able to identify a gap right that that you may have with the current tool
12:22
set or whatever that it might be that you're using right , and so then you start creating
12:25
something from scratch . And it's that
12:27
experience that kind of builds upon itself , because
12:29
you have to view things from like
12:31
a very much a reverse engineering mindset
12:34
, right . I'll give you an example . I
12:37
have a good friend of mine that was
12:39
a cyber warfare officer for the Navy
12:41
, right , he doesn't talk about it publicly
12:43
or anything like that . But I
12:45
asked him like , finally it took
12:47
me like weeks to get out of
12:50
him what he actually did , you
12:52
know and
12:54
he said , yeah , like I created
12:56
the proprietary SIEM
12:58
and EDR solution for
13:00
the Navy . And
13:02
I said what do you mean by create ? Like there's
13:05
CrowdStrike out there , like why would you create
13:07
something that's already been created ? Right
13:09
, like it doesn't make sense to me . And
13:11
he , he literally explained it like yeah
13:13
, they give you no budget and they give you a task
13:15
create this thing , and
13:17
if you don't , you're going to be off the team , like that's
13:20
plain and simple , right . And so
13:22
this guy you know we're evaluating
13:24
like a CSPM solution , and he's
13:27
, he's sitting here in the background , he's like
13:29
I could create it for you know this amount
13:31
of money and this , and that , hey
13:33
man , we're not in the military anymore Like
13:44
we're , we're buying a solution . We're not creating
13:46
, you know , some like brand new solution that only you know about opens us up to a lot of
13:48
risk . Is it ? Is it that mentality of like reverse engineering that you know , you think like pays
13:50
dividends in other areas of technology and whatnot ?
13:52
So let's say it's 200 units
13:55
so , for example . So if
13:57
you try to compare it to a standard company
13:59
, the way they are working , so
14:01
we have commanders that you can compare
14:04
it to your boss , so
14:06
it's very similar . It's more civilian
14:09
than other units in
14:11
the military . On
14:13
some domains , you need
14:16
to be very creative . On
14:18
some domains , you need to be very creative . On
14:21
the others , you have long-term projects that you're working on . It can be a few years
14:24
, with many people working on them
14:26
, and you have a very clear schedule
14:28
of what you're going to do . So it really depends
14:30
on what you're doing . Again
14:34
, this is the biggest thing with the idea . So
14:37
that really depends on what you
14:40
are expected to do . You can
14:42
be either creative or the project . Either
14:44
way it's very interesting .
14:47
Yeah , yeah , absolutely . So
14:50
when you got out of your school
14:52
right , the MIT of Israel
14:54
and whatnot where'd you go from
14:56
there ? Where'd you find yourself ?
14:58
So I worked for
15:00
the Technion . I
15:03
was like one of the professors
15:05
in computer and graphics actually . So
15:08
I think I was one of the
15:10
first professors in
15:13
the world that touched programmable
15:16
GPUs , and we did it for
15:18
research . And then I
15:21
started my first job in this domain . I
15:24
worked here for two years . I
15:27
joined a startup right
15:30
after the founders raised money . My
15:33
first job was an R&D manager of
15:35
a very small startup that
15:37
did very sophisticated
15:40
things with computer graphics on mobile phones
15:42
. Back
15:44
these days it was , I
15:46
think , six
15:51
, seven , something like that no
15:55
iPhones , no Android
15:58
phones . iPhone was not launched yet
16:00
. We worked on similar devices . You
16:03
mentioned it before . Like an ancient history
16:06
. It was only , I mean
16:08
, 16 years ago , something like
16:10
that . 30 years ago we
16:14
didn't have any iPhones or Android devices
16:16
. So
16:18
I worked then and then
16:20
, with a friend
16:22
of mine , we had an idea . Smartphones
16:25
sort of became a thing , and
16:27
if you remember smartphones
16:30
for example , Symbian
16:32
, if you remember by Nokia they were very
16:34
complicated for
16:37
users . I mean , if
16:39
you want to set up your email , if
16:46
you were not tech savvy you couldn't do it and smart home
16:48
started to become more and more popular . Again , that's only the beginning
16:50
of iPhones and Android and
16:53
we had an idea that
16:55
those users needed some help from the support
16:57
center . So why wouldn't
17:01
we give them some help or the
17:03
call center help by remote controlling
17:05
those smartphones ? So
17:07
the customer is calling the
17:11
call center and the agent
17:13
is able to remote control his smartphone
17:15
and do the job for
17:18
it . So we did that . We founded
17:20
our own company and
17:23
raised money and
17:26
went to some of the call centers in the world
17:28
in Israel , in India . We
17:31
also had a pilot with AT&T in USA
17:33
and
17:36
I was in this company until
17:39
three years ago . But this company
17:41
did some pivot during that
17:43
time . So
17:45
it started to offer some
17:47
management
17:49
solutions for enterprises like MDMs
17:51
and eventually this
17:54
company completely pivoted
17:57
. What the
17:59
company is doing and did
18:02
a secure operating system for
18:05
enterprises . But
18:07
the focus was
18:09
about , I would say , connecting
18:11
devices and
18:13
equipment that needs secure
18:16
communication . I'll give you an example . So
18:18
let's say you have a pacemaker and
18:21
you get you know in the
18:23
operating room . This pacemaker is coming with
18:25
a smartphone today . So the pacemaker
18:28
is implanted and
18:31
it is connecting via
18:34
the smartphone to
18:37
the manufacturer facilities
18:39
. So
18:41
originally those manufacturers
18:44
they used off-the-shelf
18:46
devices like Samsung . There
18:48
are some that are still using . The
18:51
idea was to curate the devices . That is dedicated
18:53
for this mission . So we need
18:55
to be secure , we need to be managed in a way that you
18:57
know we have a fleet
18:59
of devices and you need to have , like
19:02
, a long-lived supply chain , because you know consumer
19:04
devices , they're manufactured
19:06
and then after a year , you know , no one is manufacturing
19:09
them In the medical industry , thinking
19:11
about pacemakers and insulin injectors
19:13
. They're long-lived and they , you know
19:15
, proceed
19:18
to approve them via the FDA . So
19:21
this is what this company is doing . It's actually still
19:23
doing it today With AT&T
19:25
, by the way , for some of their end
19:27
customers , but for
19:30
me it was , you
19:32
know , after so many years there
19:34
. And then
19:37
we had the idea , you know , we want
19:39
to make a real private
19:41
, secure phone for
19:43
the end users , not for enterprises
19:45
or governments , which is what we did in my
19:47
previous company , and
19:50
I think the focus is not
19:52
only privacy and security but
19:54
also making everything
19:56
convenient , because what
19:59
we discovered , you
20:01
know , in my old company , is that when
20:03
you know , you
20:10
know users were interested in a product
20:12
, but you need to be very have very technical understanding
20:15
of how to operate a device that doesn't have the convenience of
20:17
a normal smartphone . And then
20:21
we decided to found
20:24
Unplugged . So Unplugged
20:26
was like a certain evolution
20:28
of what I did before . I
20:31
gained all my experience with
20:33
both hardware and software from my old
20:35
company and , besides that , I know
20:38
there were a few attempts to do such a smartphone experience with both hardware
20:40
and software from my old company , and we decided to do . You
20:42
know , I know there were a few attempts to do such a smartphone and we tried
20:44
to analyze , you know what , why
20:46
those companies didn't make it . I mean , there's clearly
20:49
a demand for some products , but
20:51
they were not very successful
20:53
. So when we tried to analyze
20:55
and understand you know , do we need to found this
20:57
company ? We understand that
20:59
several things were changed in the last few
21:02
years . The
21:04
first thing is that privacy
21:06
matters for many users much
21:09
more than before , because they are realizing how
21:14
their data is collected
21:16
, shared , monetized , and
21:19
there's a lot of awareness for such
21:21
products . Another
21:25
thing is that , unlike
21:27
five , six , seven
21:29
or ten years ago , for
21:32
a small company it
21:34
was nearly impossible to create
21:37
a good hardware because
21:39
the supply chain was very different
21:41
. All the big manufacturers controlled
21:43
the hardware . They had access
21:45
to the high-end hardware which
21:49
small companies cannot even finance
21:51
. But today
21:53
small companies can
21:55
build their own smartphone from
21:58
scratch . I mean , you still need some funds to
22:00
do it , but it is possible
22:02
. And if you notice today
22:04
you know if you have
22:06
your latest iPhone or
22:08
Samsung device , you
22:10
want to convert to the new version
22:13
of the hardware . There's not much
22:15
of a difference between every year .
22:17
Yeah .
22:18
Yeah , I mean like almost nothing . Yeah , it's more on paper than simply you can notice . I
22:24
mean the software is almost everything . So
22:26
, yes , you can maybe get a slightly
22:28
better camera or a faster CPU
22:30
that no one will notice , except if you're a hard
22:34
gamer or trying to do something
22:36
that you don't need to do on your smartphone
22:38
from a CPU perspective . So
22:41
that gives the opportunity to do it . But
22:43
the third reason I think that all
22:45
previous attempts were failing is
22:48
because the user experience was not good . And
22:52
basically , creating a privacy phone
22:55
means that you must
22:57
not have Google on your device . It's a difficult
22:59
device and
23:01
that is very inconvenient
23:04
. Yes , so even
23:06
for those users that want to
23:09
understand the importance
23:11
of privacy , having such
23:13
a phone is very inconvenient
23:16
and if you see the pure extent
23:19
, it's not a usable device . So
23:22
we realized that our mission is to
23:24
create not only a privacy in a private
23:27
and secure phone , it's to
23:29
create a convenient somewhere that
23:31
no other user can use . During
23:33
this path we also realized you know
23:35
it was obvious for us that the USA market
23:37
is the biggest market for such
23:40
devices . We're going to launch
23:43
it on international
23:46
territories later . We
23:49
realized that you know we
23:52
need to do something really good
23:54
here . So in USA what
23:57
you see is that you know most users are
23:59
most customer consumers are buying
24:01
their phones from carriers and
24:04
even that transition from buying a device
24:06
from carrier to the open market is a challenge
24:08
in USA . You know everyone in the world not
24:10
everyone else , but most places in the
24:12
world take Europe , for
24:15
example you can see a
24:17
big part of the market is buying from
24:19
the open market . I mean not from the carry
24:22
. We just realized that you know many
24:24
consumers don't even
24:26
know what a SIM card is . So
24:30
realizing that that's
24:32
a big challenge for us and this is what we're trying to
24:34
achieve creating a convenient
24:36
phone , secured phone , private
24:40
phone and
24:47
focusing on the support and doing the transition .
24:49
So let's talk about that a little bit
24:51
. Right , let's dive into this . You know , when I was getting
24:53
my master's in cybersecurity and one of the courses was mobile
24:56
security , right
24:58
, and we were really comparing
25:00
the architecture of Android
25:02
to iPhones and this was back in 2018
25:05
, you know . So I'm sure it has
25:07
changed some at this point
25:09
. Probably , honestly , it's probably more
25:11
on the Android side than the iPhone
25:13
side , right , because iPhone focused
25:16
more specifically on , like , supply chain security
25:18
to some extent , right , having their own chips
25:21
in it and whatnot . But a part
25:23
of this course was to actually , you
25:26
know , find a vulnerability . It
25:28
could be already known , could be whatever
25:30
. It is right , find a vulnerability , exploit
25:32
it on the device of your choosing
25:35
, and so I wanted to make this a little bit
25:37
difficult , right , I want to make it a little bit challenging
25:39
and I wanted to find a vulnerability
25:41
, you know , with Bluetooth on an iPhone
25:44
. Right , found the vulnerability , tried
25:46
to exploit it . I spent 36 hours trying
25:48
to exploit it , something that was never
25:50
going to work because
25:53
, basically , Apple did a silent security
25:55
update , literally two weeks before
25:57
I started trying this thing , and it was literally
25:59
for this Bluetooth exploit . I
26:02
go and I attempted on Android
26:04
. Within you know , maybe 15
26:07
, 20 minutes , I have root on the device
26:09
and I'm able to control everything about the device
26:11
, right , like that was . That
26:14
was a huge difference to me . That was a huge eye
26:16
opening . You know , kind of event
26:18
, right , maybe , and I'm a terrible
26:21
hacker , I mean , like , I don't even claim
26:23
to be a hacker , like you
26:25
know , if anyone were to approach me at , like , DEF
26:27
CON or something like that , right , like I
26:30
am not doing capture the flag events
26:32
or anything like that , like you know , I'll
26:34
go watch , right , but I , I'm not , I'm
26:36
not over here trying to hack stuff . But
26:39
that that experience , though , even
26:41
knowing , you know , having that self-awareness , like
26:43
hey , I'm not good at this , this isn't like
26:45
my forte in security for
26:48
it to be that easy with Android
26:50
it kind of swayed me
26:52
more heavily even towards
26:54
iPhone . And the reason why I went from
26:56
Android to iPhone , you know , probably
26:58
10 years before that , right , what
27:01
was ? Because of the ease of use
27:03
, right , I had a very bad experience with Android
27:05
. I was downloading things from the Google
27:08
Play Store that had malware on
27:10
it . It had millions of downloads , right
27:12
, like the Facebook app . You know , the Facebook
27:14
app had millions of downloads , or whatever it was , when I had an Android . I'm downloading
27:19
the Facebook app and it has malware in
27:21
it , right , and this malware is like
27:23
impacting my device pretty significantly
27:26
, like the performance is insanely
27:28
decreased . You know everything about
27:30
it , right , and so I , with
27:33
that experience and I even talked
27:35
to like Android support at
27:37
the time and said how the hell is this happening
27:40
? This has happened three times to me
27:42
. I'm literally going to your own Play Store
27:44
and downloading it this
27:46
is even before me getting into cybersecurity
27:48
and they're saying well , you're downloading it . It
27:51
has malware in it , yeah , and there's
27:53
no way to tell , and I'm sitting here , like Google
27:56
, it's your Play Store . You don't
27:58
have a way of telling if it has
28:00
malware in it .
28:03
So you touched so many interesting
28:05
points . I
28:07
try to remember what you were talking about
28:09
, but let's start with that . So you're
28:11
talking about maybe 10 years ago , right ? So
28:15
back these days , Apple was very
28:17
close . You could not do
28:19
much on the iPhone as
28:21
a developer . On the other hand , Google
28:24
had everything open . I mean
28:27
like almost everything , and that not
28:29
only means from a developer perspective
28:31
what you can do on the phone , all the
28:33
APIs , but
28:35
also in terms
28:37
of the Google Play Store . You can upload
28:40
an application to your store . No one
28:42
will even verify that . No
28:44
one will look at it on the app
28:46
. They're not even automatic
28:50
scanning of the apps . Permission
28:53
usage was if you could
28:55
use it , then you could upload it to the store
28:57
. Both
29:01
Google and Apple did some changes . So
29:03
Apple became a little bit more open
29:06
. They gave the developers more options . On one hand
29:08
, Google started becoming more secure
29:10
in their place let's talk about Android
29:13
itself in a second . But
29:16
today it's harder to upload an application
29:18
to Google . There is
29:20
some verification process for
29:23
you as a developer for your
29:25
app . They restricted a lot
29:27
of things that you can do with your
29:29
applications . Permissions
29:31
were downgraded . I mean
29:33
you cannot do anything that you want to
29:35
do as you used to be
29:38
and
29:41
the whole operating system is becoming more
29:43
secure , but again , we'll talk about it
29:45
later . So
29:48
things are changing all the time and
29:51
in the case of Google , they also have the problem
29:55
of the large device
29:57
variety . So
29:59
you have so many devices out there , so
30:02
many versions of the operating system , and
30:06
they had to do some work in
30:08
order to make sure that those that are
30:10
out there can maintain
30:12
all the security updates . And
30:15
they did a good job there to be better and
30:19
give the manufacturers better
30:22
support in upgrading the operating
30:24
system , making the
30:27
upgrade easier for them . We
30:30
see it's not by ourselves . So we
30:32
launched our operating system based
30:34
on Android 13 . We
30:36
are updating to Android
30:38
14 this year
30:40
. The process is not
30:43
very hard for us , even though we
30:45
did many changes in the operating
30:47
system based on Android system for
30:49
more security and for our needs , and
30:52
it looks much better Now
30:55
, if we're talking about the Android operating
30:57
system , Android used to be very
31:00
light back these days . You
31:03
know we are device manufacturers
31:06
, so we are in charge of
31:08
the operating system . I
31:10
see the Android source . Actually
31:13
, anyone can see the AOSP tree . We
31:16
see the old BSP tree , including the drivers
31:19
and everything and
31:21
that is becoming
31:23
a huge piece of code
31:25
, and most of the changes
31:27
are related to security , and
31:32
more and more layers are
31:34
added to prevent
31:36
, to make the operating system more secure , what
31:39
is exposed to other apps , for
31:42
example , something that used to be very
31:44
open , even a few years ago , now
31:46
much more close Stuff
31:53
like that . That permission mechanism was evolved . What person is giving to built-in
31:57
applications on the phone ? So
31:59
Android has become like a huge monster and
32:07
many code changes
32:09
are made in the Android operating system to support this agenda . Having said
32:11
that , the more code you add , the more vulnerabilities that you can potentially
32:14
enter the operating system . That actually
32:16
brings a different topic
32:18
, because we discussed about
32:20
iOS versus Android . So
32:22
iOS is a closed source and Android is not
32:24
, and many vulnerabilities are discovered
32:27
because it's an open source on
32:29
one hand . On the other hand , Apple
32:32
closed source policy prevents
32:34
someone from you know , take a look in
32:36
the source code and find vulnerabilities . So
32:38
I assume that potentially
32:40
more vulnerabilities exist on Apple
32:42
, even though probably they
32:44
are much harder to be found
32:47
.
32:48
That's interesting . Yeah
32:52
, that is fascinating . You know , the
32:54
last time I looked at
32:56
like the device architecture
32:58
of iPhone versus Android , right , just kind
33:00
of an overarching architecture , you
33:03
know , it seemed like the
33:05
iPhone kind of protects the user from
33:08
the user , right , like they
33:10
have sandboxes for their apps
33:12
, they have sandbox for their user space
33:14
, they have it separated from
33:17
the operating system , even , right
33:19
, and there's very specific like keys that
33:21
you have to use to unlock each of those components
33:24
and whatnot . And you know , even
33:26
, like if you were going to , you
33:28
know , take it , take your iPhone right to an
33:30
Apple dev and say , you know
33:33
, open a terminal and troubleshoot this thing
33:35
, like they would have to have a very specific
33:37
key with a very specific you
33:39
know cable that's plugged into
33:41
it , probably within the geofence
33:43
of you know Apple campus
33:45
and whatnot , right , all
33:49
of those things have to line up for them to be able to do
33:51
that , which I mean , at least from my opinion , right , like
33:53
I haven't seen it from your side , where potentially
33:55
you're actually actively thinking of new ways
33:58
to exploit devices . Right
34:00
, because I mean , that's probably how you , you
34:02
know , built unplugged to some extent , right
34:05
, like it's like , well , what's what's available
34:07
right now to exploit devices and what's coming
34:09
in the future to exploit devices . I
34:12
don't know it from that angle , but at least
34:14
from my angle , it seems like , okay
34:16
, iPhone gets me , you know , 85
34:18
, 90% of the way there in terms of security
34:21
. So I'm going to go with that right . And
34:23
then I heard about the unplugged device , which
34:25
was very tempting to me
34:27
. Right , because I
34:29
don't know if you've listened to the podcast very much , but
34:31
right
34:34
before Russia invaded Ukraine , right
34:37
On the podcast I was calling
34:39
out Russia , right when everyone
34:41
else was saying , oh , it's a war exercise
34:44
or whatever it is . You know
34:46
, it's like , hey , they have tanks on the border
34:48
for a reason , like they're not just amassing
34:50
to amass and they're not doing this war exercise
34:53
directly on the border
34:55
for no reason . You know , I was actively
34:57
calling them out and I do the same thing with China
35:00
and whatnot . And it was interesting
35:02
, literally the day that Russia
35:05
invaded Ukraine , my podcast
35:07
got blackholed or blacklisted
35:09
in all of Russia , China , Iran
35:11
, basically all enemies of America and
35:14
Israel , they all just blacklisted
35:16
my podcast immediately . Oh , it wasn't a substantial
35:19
portion of my traffic , but it was enough for me to be
35:21
like I used to get 15%
35:23
from Russia and now I get nothing
35:25
, you know . So it's like okay , you know
35:27
, that's . That's a substantial
35:29
difference . And very
35:31
, I guess , very interestingly
35:35
, right at the same time I started getting
35:37
very , very odd attacks
35:39
, you know , on my , on my PCs
35:42
, on basically any PC that was at home
35:44
, which was very interesting to me because
35:46
I host a podcast . Right
35:48
, like , what the hell am I going to do ? How
35:50
am I even , like seen
35:52
as like a threat to the state of Russia or China
35:55
or anything like that , like you're literally wasting
35:57
resources , even if it's an automated
35:59
script that you're running , you're wasting
36:02
resources trying to like get
36:04
at me , right . And so that's when
36:06
I started to kind of go down this whole rabbit hole
36:08
of how do I secure my devices ? Right
36:11
, like , how do I ? I need to have a secure
36:13
device that I can , that I can use
36:15
if I need to , that I can ensure is
36:18
forever secured and in my benefit
36:20
. And so that's how I kind of stumbled
36:23
on the unplugged device . So
36:25
I say all of that right to
36:27
kind of pivot , almost
36:29
right , and build a little bit of context around it
36:31
. So , the devices that we're currently using iPhones
36:34
and Androids do
36:37
you think that their price would be
36:39
even more significant than they
36:41
are today if they were not selling our
36:43
data ? Yeah , which
36:45
is yeah . You think it would be ? How
36:47
much more expensive do you think it would be ? Like
36:50
, what's the difference ?
36:51
So I think we did some math and
36:54
I think the rough number that Google's
36:57
making on let's
36:59
say , I don't know the Apple's number exactly
37:01
, but I guess they're similar , maybe
37:04
even more so
37:06
we approximate I think you find
37:08
some , some proof or
37:11
evidence for it that they
37:13
make about 150 to 200
37:16
every year from you just
37:18
for holding a smartphone that you know manufactured
37:21
by Apple or Google so they're making 150
37:24
just from me having
37:26
the phone .
37:27
Yeah Right , that's kind of like the default , that's
37:30
like the default usage
37:32
of the phone , without really even like clicking
37:35
on different ads and stuff . So this
37:38
is not oh so are they building
37:40
enough , yeah , okay . So
37:42
are they building in a fee when
37:44
I Google a product , right , like
37:46
well , let's say , like over the weekend I bought like
37:49
a torque wrench for my car , right , when
37:51
I Google torque wrenches , is Google
37:54
getting a fee from Apple or Apple's
37:56
getting a fee from Google ? And then
37:58
when I go to Amazon from that link
38:00
in Google is like
38:02
Apple getting another fee from Amazon
38:05
Because I went to their link on
38:07
their phone . Is that how convoluted
38:11
it is .
38:12
First , I think Google is paying Apple for being
38:14
a default search in their device . It's
38:16
one thing , but you
38:19
should think about private data , not
38:21
only about your searches , because the search
38:23
can be done on a private phone
38:25
, but let's think
38:27
you know your location data . So
38:31
location even not talking about your specific
38:33
location , I mean your location as
38:36
a collective data of
38:38
locations that can be sold
38:40
to data brokers for different purposes
38:42
, so they can make money from it or
38:44
use it for their own product , to build new products
38:47
. So this is one
38:49
thing . Let's see one of the challenges that we
38:51
have . For example
38:53
, we are de-Googled , so
38:55
we don't have the luxury
38:58
of using Google network
39:01
location services , which is a
39:03
location
39:05
service that is built
39:08
from user data , from their Wi-Fi
39:10
hotspots locations , for example
39:12
. Think about anything
39:15
that you're doing on the phone that is not related
39:17
directly to what you're using , that
39:20
everything can be used for Google
39:22
or Apple products and that
39:24
can leverage other skills
39:28
. So , um , I
39:30
mean the number of opportunities
39:33
just being on your phone as
39:35
a infrastructure software
39:37
is , you know , infinite
39:40
. That's it so
39:42
okay .
39:43
So that is really
39:45
fascinating and I think I have like two
39:47
major questions from it right
39:49
, hopefully I don't forget one
39:51
of them From the perspective of
39:54
Google getting device
39:56
location right . So when I upgraded
39:58
my iPhone , I upgraded a couple of years ago
40:00
iPhone 14
40:02
, I typically like upgrade every four to
40:04
six years , you know , because kind of like what
40:06
you said right , like there's not like a giant
40:08
performance difference . I'm not
40:11
going to notice it , I'm not going to feel it . It's
40:13
kind of timed with when they stopped supporting
40:15
the phone . It's like , okay , I guess I have to
40:17
upgrade Right , cause I'm not that big
40:19
of an idiot . You know to where I'm going to have
40:21
like a super old phone and can't
40:24
patch it . But
40:26
when you upgraded to the recent probably
40:28
you know iOS right , it
40:30
gave you the ability to it . It
40:32
at least gives you the feel that
40:34
you're limiting . How much these apps can
40:37
you know , gather on you right
40:40
, Google being a great example
40:42
? I mean , I'm sure someone at Google is going to be
40:44
pissed off at me if they hear this right , right , but you
40:46
know like when I got , I just remember
40:48
, right in the search app
40:51
, it like asked for my location information
40:53
. Denied , it went into the Nest app
40:56
Nest owned by Google and
40:58
sorry about that . Nest requested
41:00
my , my location
41:02
information . Right , so I said
41:04
yes to that because because obviously I want
41:07
to run a more efficient home , you
41:09
know I don't want a giant electricity bill . Nest
41:11
does that thing . You know that deals
41:13
directly with that . I wonder
41:15
if they're then leveraging that permission
41:18
of saying he allowed
41:20
us for Nest so we're going to do the same thing
41:22
for , you know , Google
41:24
search locations and whatnot , which would
41:27
actually kind of make sense for what I experienced
41:30
recently when I went to a . So
41:32
I live in a blue state here in America
41:34
and I mean , like typically that's
41:36
not even something that you like have to say or like
41:39
mention or anything , but it's so divisive
41:41
or divisive , you know , like now
41:43
in the world it's like you
41:45
have to build that context in . So I live in a
41:47
blue state and when I went
41:50
to a red state , I was bombarded
41:53
with like left
41:55
material , right , left
41:57
, centered , left , focused material . I'm
42:00
completely bombarded with it to the
42:02
point where , like I thought something
42:04
was wrong with my phone , right
42:06
, I thought something was wrong with my devices
42:08
because it was so off the wall
42:10
from what I'd normally search . It
42:14
makes me like recalibrate , like well , how are they
42:16
actually getting that info right ? Like , are they
42:18
just getting it from GPS information ? Because
42:21
, like that's such a loaded topic
42:24
, it's such a loaded you know loaded
42:27
thing to dive into In
42:30
your opinion , in your own research
42:32
, because you're basically the expert in the field . Is
42:35
that what they're doing ? Are they kind of leveraging
42:37
that access in one area
42:39
to be like , well , it's a Google company , we're
42:42
going to do it over here too .
42:44
First , specifically for
42:46
the Nest , I'm not
42:48
sure I need to read their . You know terms
42:51
and conditions , but you know , think
42:53
about , let's say , you don't want to share your information
42:56
, your location data , your
42:59
inaccurate location
43:01
, can still be accessed through several
43:03
methods . For example , you know , if you know the
43:05
Wi-Fi MAC
43:08
address that you're connecting to , they
43:10
can get to your almost exact location
43:12
, I mean as an app
43:14
developer , for example . So
43:16
that may be or may not be blocked in a
43:18
specific app , but certain apps
43:20
can access it . But I
43:23
think I have a good example and about
43:27
maybe that you know , I think I have
43:29
a good example about maybe that will give you some evidence
43:31
about what those companies
43:34
are trying to do and
43:36
how apps developers or , let's
43:38
say , those data brokers , are
43:40
bypassing . So I
43:43
want to talk about the Advertising
43:46
ID . You know it was a few years
43:48
ago . Everyone had it . It
43:53
was Apple , Google . Apple blocked it . You know , blocked
43:56
the data from Facebook . Google
43:59
even , you know , decided that . You know it
44:01
would not be mandatory . You can even
44:03
disable it . That should be
44:05
enough to
44:08
cut or to stop
44:11
the efficiency of
44:13
the ADINT industry . So , ADINT
44:15
industry are you familiar with the ADINT industry
44:17
? Maybe I'll explain . So
44:20
the ADINT industry is
44:23
a cybersecurity
44:25
hacking domain that
44:28
allows a very effective
44:30
, cost-effective , actually
44:32
targeting , profiling
44:35
and getting information
44:37
about people . So the idea is that
44:39
, let's say , I want to know your location
44:41
. All I need to
44:43
do is to do some advertisement
44:47
campaign that targets your profile
44:49
. I know your age or , I
44:51
would say , approximate location I mean which
44:53
city you are , what is your
44:55
interest and
44:58
then I send some advertisement data
45:00
to contain your
45:03
location and
45:05
then I use this information that
45:07
I gathered from this campaign to
45:10
know your specific location , for example
45:12
. Let's say , for example , I get like 1,000
45:15
hits that
45:18
you know this campaign was . You know
45:21
1,000 people that this campaign
45:23
hits in your city
45:25
. I know where you're living . I know
45:27
where you're working . I see only
45:29
one person with those two locations
45:31
. I know it was you . They can trace
45:34
back all your locations . So
45:36
, given that you
45:38
don't have this ad ID , this
45:42
industry should now be blocked . But
45:45
that's not the case because I can
45:47
still profile you from other data
45:49
on your device . So if
45:51
I know , you're
45:54
not even need to know . I need
45:56
to get your device model , some other characteristics
45:59
of your phone , a
46:01
few that those ads can get , like mobile
46:03
carrier and some
46:05
other parameters . I can narrow
46:08
down those
46:10
parameters like 9 , 10 , 11
46:13
parameters and gather
46:16
all of them together to give an ID
46:18
, like
46:21
a fake ID , to your device
46:23
. So , even
46:25
though Google
46:28
and Apple are trying to blow up and
46:30
give more secure products in
46:32
, essentially you know there
46:35
is some okay
46:38
, because you know eventually it will not
46:41
allow all the apps to the way they should
46:43
. So the into the apps have access to the system
46:46
, to the data on your phone . You're onto
46:48
the application tool . So
46:51
, yes , they're doing a lot in
46:53
this area , but that is not enough , especially
46:56
for those attackers that you know will
46:59
find any way again , even without
47:01
hacking your phone , to get
47:03
information about .
47:05
That's really . It's interesting
47:07
. You know , I feel like
47:09
people always had the mentality
47:11
it's maybe a legacy mentality , right when
47:17
they have to , like , hack your actual device in order to , you know , gain
47:19
information or track you or whatnot . It
47:21
seems like they don't even have to hack your
47:23
device anymore . They just have to pay a
47:25
data broker to get
47:28
whatever they want . Right , I mean like , and
47:31
with I mean I I
47:33
guess with , from what you were saying . With
47:35
iPhones , with Androids
47:37
, you know , it's basically
47:39
impossible to to
47:41
block that stuff . Right , because
47:44
it's almost like Apple gives you the
47:46
illusion of privacy and I I
47:48
mean please correct me if I'm wrong Right , but
47:51
it seems like they do a bit of a better job
47:53
than Google overall , right , if
47:55
we're not , if we're not thinking of this , you
47:57
know , data broker side of it , right , it
48:00
seems like they do a good job overall
48:02
of protecting their users from
48:04
themselves , protecting their devices
48:06
. You know , ensuring privacy , to some extent
48:08
, it seems like they do a good job of it
48:10
, but you know , it's
48:13
like it's difficult
48:15
because it turns into a situation
48:18
where one you
48:20
know , I'm I'm a security person , I'm more
48:22
aware of it than you know 98 , 99%
48:24
of the population . How
48:26
in the world is you
48:28
know someone like my parents
48:30
, you know , in their , in their 50s , 60s
48:33
, right , they're never going
48:35
to know the difference , they're never going to think about that
48:37
or anything like that , and so you need a device
48:39
that's doing it , you know , automatically
48:41
. Because if , like you said , if Apple
48:44
were to actually make that change on their
48:46
device , like 95
48:48
, 99 of the apps on their device
48:50
wouldn't even work , apple would have
48:52
to go into the business of recreating all these apps
48:54
you know themselves to make
48:56
it work on their device yeah , actually
48:59
it's .
49:00
it's opposed to their business model
49:02
. It's just opposed
49:04
to the business model and you , you know , we created
49:06
in the app phone . One
49:09
of the biggest things that we put
49:11
on the phone is a firewall that
49:13
blocks trackers and
49:16
ads , not
49:18
only in the web browser , also in the apps . So
49:21
, you know , trackers most
49:24
of the apps have trackers
49:26
. Some of them are
49:28
, you know , legit , like from
49:30
the developers to collect some data
49:32
about the usage of the app . Some
49:35
are for just selling the data and
49:38
, by the way , our new antivirus version
49:40
that we're going to release later
49:43
this month will show this
49:46
information for use . You
49:48
can install it also on regular inverse phones . This
49:52
information , by the way , is
49:54
public . I mean , most of the users do not know
49:56
how to access it . They do not know that they
49:58
should , you know , track those trackers
50:00
or even have trackers , and antivirus
50:03
is not even showing this data because they
50:05
are failing in this area too . They
50:07
have some trackers by themselves . So this is
50:09
one thing . Another thing
50:11
is that , you know , regarding
50:13
Apple versus Google in
50:15
terms of software . So , when
50:19
you spoke about hackers , I
50:22
think so , if you know Cellebrite
50:25
, Cellebrite , they are providing
50:28
for government
50:30
agencies the ability to hack to
50:32
your device . So if they
50:34
have a criminal's device , they can hack into
50:37
the device and collect data
50:39
. So there's a leaked
50:41
document from Cellebrite of the brightest
50:43
about maybe five , six months
50:45
ago they divided the
50:47
, the categories for Android
50:50
, iPhones and uh , generally
50:53
speaking , I think . I mean they
50:56
don't have the solution for the latest iPhone
50:58
, but you just risk three days for that . From
51:02
my experience , they are always have
51:04
the ability to hack
51:07
into the and
51:09
also to most Androids , and
51:12
they had a very nice
51:15
section separated
51:17
just for GrapheneOS
51:19
on Pixel devices
51:21
and it's
51:24
a separated section and it's clear
51:26
that GrapheneOS
51:28
on a Pixel device is
51:30
more secure than any iPhone
51:33
or Android device . So
51:35
that's very interesting
51:37
for us . Of course , our
51:40
understanding is that GrapheneOS is
51:42
not accessible for most
51:44
of the users . They cannot just do
51:46
a Pixel phone and flash the device . But
51:50
there are ways in software
51:52
, similar things that we are doing , to
51:54
protect you and an end user .
51:57
So what's the OS that the unplugged
51:59
device is running ? You
52:01
said that it was essentially Android
52:03
14 on the back end . What
52:06
are you calling your branch of Android
52:08
14 ?
52:09
So it's LibertOS or
52:12
Libertos , so it's
52:14
a variant of Android . It's based on a very
52:16
clean version of Android . We
52:19
don't have any Google services . We strip everything
52:21
off from the operating system and then build
52:24
on top of the operating system . You know
52:26
our security and privacy , so
52:29
it's a standard base .
52:30
That's really fascinating . You know
52:32
, I wish we had more time , but I
52:34
always try to , you know , stick to
52:36
the time limit that I give everyone , so you
52:38
know before I let you go . How about you tell people
52:40
where they can find you if they wanted to reach out and
52:43
learn ? You know , maybe connect
52:45
with you right , and where they can find
52:47
your unplugged device ?
52:49
Yeah , so unplugged
52:51
is available at www.unplugged.com . Just
52:57
search for unplugged on any search
53:00
engine . You can buy the phone
53:02
today in USA , Canada . The phone
53:05
, by the way , is compatible
53:07
to most networks around
53:09
the world . We're just now
53:11
selling it in USA and Canada
53:13
only because of
53:16
certification and logistics . We
53:20
want to expand . Actually , we're starting our European
53:22
certificate right now , so our next
53:24
big market will be Europe and you can
53:26
actually reach us also in
53:28
the app messenger . So the app messenger is
53:30
our secure messenger . You can download
53:33
for any Android or iPhone
53:36
device . Now we have some . We
53:38
have a group there , like we call the early adopters
53:40
group , and some
53:42
of us , including me , are in this group
53:44
. So you can reach us there . And
53:47
we have live agent support
53:50
. That you know from our apps
53:52
and also from the phone . You can
53:54
reach our support and , you know , ask questions
53:56
. We have a lot of information
53:58
on our website . We'll try
54:01
to bring more and more information there . The more
54:03
we ask , the more we put . But
54:05
again , the FAQs section
54:08
is quite big already
54:10
, so you
54:12
can find .
54:15
Yeah , perfect . You know , ron
54:17
, like I really appreciate you
54:19
know you coming on the podcast . This is a really fascinating
54:22
conversation . I definitely want to have
54:24
you back on in the future to kind of continue
54:26
our conversation even and do a part
54:28
two it was great . Yeah , yeah , it
54:31
was fantastic . I really appreciate
54:33
it . So you know , thanks for coming
54:35
on , of course , and I hope everyone listening
54:37
or watching enjoyed this episode . Bye
54:39
, everyone , bye . Thank you very much , thanks
54:42
.