TrustKernel has unveiled a new approach to mobile and desktop security with PlugOS and PlugMate, a thumb-sized private computer designed to give users a fully separate, hardware-isolated environment for sensitive data and applications. The product, announced this week in Shanghai, aims to address the growing concern that modern smartphones and PCs expose too much user activity to software-level threats, telemetry systems, and cloud services.
A Self-Contained Secure Workspace
At the center of the platform is PlugMate, a USB-powered device that includes its own processor, memory, and encrypted storage. Instead of running on the host device, PlugOS operates entirely inside PlugMate, while the connected phone or PC serves only as a power source and display. The result is a physically separated computing environment that keeps private workloads—such as authentication keys, confidential documents, or secure communications—away from the host operating system.
TrustKernel’s goal is to provide users with what amounts to a second, fully isolated digital identity, accessible on demand across iPhone, Android, macOS, and Windows systems. No rooting, jailbreaking, or OS modification is required, which allows the same security model to extend across heterogeneous devices.
Addressing Smartphone Attack Surfaces
The company positions PlugOS as a response to the expanding attack surface of modern mobile platforms. Smartphones routinely collect telemetry, run complex application stacks, and remain vulnerable to spyware, kernel exploits, or cloud-based tracking. Sensitive assets—crypto wallets, enterprise accounts, or private messages—often coexist with unvetted apps and consumer services.
“Real security starts with a physical boundary,” said Wenhao Li, CEO of TrustKernel. “We believe people deserve a digital space where privacy is the default, not an advanced setting. PlugOS and PlugMate give users a truly separate, hardware-isolated system so they don’t have to blindly trust their phone, their network, or the cloud.”
Key Capabilities
PlugOS and PlugMate include several hardware-backed security features:
-
Cross-platform operation with no privilege escalation required on the host
-
Full-disk hardware encryption and mutual pre-boot authentication
-
Duress PIN support, enabling immediate and irreversible data wipe
-
Zero-telemetry design, with no advertising identifiers or background data collection
-
Virtualized sensors to mask hardware fingerprints
-
System-level firewall that surfaces and controls all outbound and inbound connections
From the user’s perspective, PlugMate behaves like a dedicated secure handset that appears only when needed, while the primary device continues to run everyday apps.
Target Users
TrustKernel is positioning the platform for individuals and organizations that require strong privacy boundaries or separation between personal and sensitive workloads. Anticipated users include:
-
Digital asset holders needing secure key and wallet isolation
-
Journalists or activists concerned about surveillance or device compromise
-
Technical practitioners who want a controlled environment for secure browsing or testing
-
Enterprise and BYOD users seeking a compartmentalized workspace without provisioning a second device
By shifting critical functions into a self-contained hardware module, the company says PlugOS and PlugMate help mitigate risks from malware, targeted attacks, or accidental data leakage—while allowing users to keep their existing smartphones and laptops.
