The fictional superspy wields Nokia devices in No Time To Die. It’s an odd choice, but Apple’s smartphones aren’t ideal, either.
No Time To Die is almost upon us, and scores of James Bond fanatics are eager to see the spy use ingenious gadgets to save the day. But does he actually use the very best tech to get the job done? We think not. Laser Polaroid camera, anyone?
Before we get into what competent real-life spies should be using, let’s look at what Bond is set to wield in his long-delayed latest outing. Thanks to the pandemic’s cinematic shutdown, the movie will feature the Nokia 3310, Nokia 7.2, and Nokia 8.3 5G. Release dates for these phones came in the year 2000, September 2019, and October 2020, respectively.
Even looking past the unlikely union of Britain’s fictional superspy and Nokia, a brand that captured a mere 0.7 percent of the smartphone market in Q4 last year, out-of-date mobiles are hardly cutting edge bad-guy-beating tech—and that’s probably not entirely a good thing.
James Hadley, CEO and founder of Immersive Labs—a cybersecurity training and skills platform—and previously of the UK’s Government Communications Headquarters had this to say on Bond’s untimely mobile choices: “If Bond is handed an older Android phone, he should check Q has updated the OS to prevent against new software vulnerabilities.”
However, Hadley sees the merits in older phones, but they just aren’t practical for a modern spy. “There are some people who believe using ‘dumb phones’—pre-smartphone devices less reliant on software—keep them safer,” he says. “However, this would obviously limit Bond’s ability to use even the most basic internet applications.”
So, for these older phones, it’s about prepping them to make them less vulnerable. As Hadley says, fingers crossed Q is savvy when it comes to modern security threats and not just lethal fountain pens. Jake Moore, a cybersecurity expert at internet security firm Eset and a former police officer, explains: “Usually older devices come with more security threats, but if a device has been set up correctly with limited user control and bespoke tweaks, then the anti-tracking, anti-surveillance would balance out the legacy operating system and other flaws.”
What if Bond were using a bleeding-edge technology then, the very latest? Well, we know from the director of another Daniel Craig joint, Rian Johnson of Knives Out, that James Bond would be free to use an iPhone should a deal be struck. The director revealed in an interview with Vanity Fair that Apple disallows movie villains from using its latest and greatest devices.
However, an iPhone would not be a good option for 007. “Untraceable phones with anti-surveillance, anti-interception, and location-spoofing functionality are a must for James Bond. An iPhone, however formatted, just wouldn’t be able to offer this ability to ensure tracking isn’t an option,” says Moore. “The security of an iPhone is impressive enough for the normal user, but with threats such as Pegasus around periodically, it makes it difficult for a spy to use one securely and confidently.”
Pegasus is a piece of NSO (an Israeli technology firm) spyware affecting the iPhone that could copy messages, record calls, and even access the camera. Apple has responded by releasing patches to fix bugs that were thought to have been exploited by Pegasus.
“Pegasus spyware would no doubt be used by adversaries to target James Bond if he were an iPhone user,” says Moore. “While an iPhone might be good for capturing pictures of explosions and car chases, any downloading of embassy blueprints or covert incursions should be done on a locked-down terminal managed by a specialist team, inside a secure network,” Hadley says.
However, there’s also more to it than Pegasus, with a recent “explosive” spyware report looking into the further concerns security experts have relating to iOS, stating Apple’s closed ecosystem approach restricts their ability to use monitoring tools and conduct investigations necessary to uncover vulnerabilities.
So two-year-old Nokias are off the table, and so are the latest iPhones. When it comes to Bond actually using secure tech for his clandestine adventures it’s about more than just devices. Here’s Hadley with a rundown on what agents dealing with secure information should consider: “The only 100-percent-certain way to negate risk is to remove technology entirely. Some of the hardest-to-track targets have proven to be those who do things like writing letters and biking them to the intended recipient. For this reason, I’m sure James Bond has a healthy skepticism around technology in general, working on the assumption that everything digital can be hacked, traced, and monitored—connecting to the internet using even a Q-approved device could carry risk.
“It wouldn’t be hard for the enemy to set up a fake mobile phone tower, for example, acting as a ‘Man in the Middle’ to steal all the data in transit,” Hadley says. “If Bond is ‘in country,’ then mass data collection and analysis at an infrastructure level is also a possibility. In short, like anything in cybersecurity, he would be expected to weigh up the risk and return with any technology and make a call, or not make a call.”
On a practical level, Hadley says, those dealing with sensitive information can take two main steps to protect themselves. Always update software, and be aware of social engineering attempts. “Question all forms of electronic communication asking you to take any action,” he says.
If phones have to be involved, keeping important data to a minimum is vital. “Limited amounts of data left on a device helps mitigate a compromise by using deletion software or bespoke apps designed to self-destruct messages,” Moore says. “Better still, this used with coded messages would be best for assured privacy.”
“Good tradecraft dictates steering away completely from using mainstream smartphones to communicate sensitive information for fear of vulnerabilities at a hardware, operating system, application, or network level,” Hadley says. “There are secure phones which boast things like a choice of OS or kill switches for network connectivity and on-device hardware—but again, everything can be hacked.”
When it comes to choosing a secure phone, those who deal with sensitive information have a range of choices. Moore states that the best options are typically Android-based phones “due to the intricate control one can have over the operating system and functionality.”
World leaders appear to agree. In 2013, The Guardian reported on their phones of choice—from an iPhone 5 and a range of encrypted Blackberry phones to an HTC for North Korean leader Kim Jong-un. Not Vladimir Putin though, who stuck to the minimalist approach of no mobile phone at all. Previous French presidents François Hollande and Nicolas Sarkozy were provided with specialist Teorem secure phones—a large encrypted device that would take 30 seconds to connect at the beginning of a call. For German chancellor Angela Merkel, in 2013 she used a Nokia 6260 Slide—so there may just be hope for Daniel Craig’s Bond yet.
For an Android-based phone that world leaders and spies should be using today—a modern take on the Teorem phone—NitroKey (maker of encrypted USB drives) would like to think it now provides a solution. The NitroPhone 1 is a modified Pixel 4a that uses an operating system named GrapheneOS—a recommendation of Edward Snowden with a focus on privacy and security. The NitroPhone 1 ditches Google services while offering encryption, a kill switch, PIN layout scrambling as well as the removal of its microphone and sensors for 250 euros extra (another Snowden tip). The privacy and security offered by GrapheneOS centers on using an app sandbox to create secure boundaries as protection from vulnerabilities while aiming to not overly impact the user experience.
The catch of the NitroPhone 1 is that, with the microphone and sensors removed, it costs double the price of the Google Pixel 4a. It’s a rather substantial markup given GrapheneOS is free and available to download to a regular Pixel 4a or any Android phone. While the age of the Pixel 4a means security updates and bug fixes for GrapheneOS (which is based on Android) are only guaranteed for just under two years—making this device a no-no for those handling sensitive information beyond August 2023. The NitroPhone 1 isn’t completely unique, with alternative options like the Purism Librem 5—recommended by Hadley—and the BlackPhone 2 offering similar approaches.
According to Hadley, all this guidance on devices and software is useless if the user—in this case, Commander Bond—isn’t capable of adhering to and applying these techniques. “You can have the most advanced artificial-intelligence-driven electronic countermeasures, encryption, and quantum computers, but without cyber knowledge, skills, and judgment, it’s all pointless. There is a reason the best intelligence agencies have the best human capabilities. Without this, it all falls apart.”
All Rights Reserved for Adam Speight