We sat down with the Nuke From Orbit founder and chief executive officer to get his thoughts on the future

Nuke From Orbit are a leading smartphone security company. Their app allows you to protect the contents of your smartphone in the event it’s lost or stolen – something that’s increasingly of importance as we hold more and more personal information and digital accounts on our phones.  

Our reporter Robert Welbourn spoke to James O’Sullivan, founder and chief executive officer, to learn why he started the company, his thoughts on digital privacy, and how AI is both part of the problem and part of the solution when it comes to fraud.  

Please could you give me a bit of background.  

I’m the founder and chief executive officer of Nuke From Orbit. We’re a security company focusing on assets that are stored or are accessed through a mobile phone, specifically in instances where that phone has been stolen.  

About a year ago I had my phone stolen on a night out. Like many people, I assumed that because I use my face to sign in, I was pretty well secured. The next day I found out that at some point they had seen me use my PIN and that allowed them to use the cards in my Apple Pay wallet to do quite a bit of spending.  

That showed the first problem, which was that even though I knew at that stage that I had been a victim of theft, it was a very long journey to lock down my digital footprint. I couldn’t cancel my cards, block my SIM, or change my passwords quickly and easily because those things had to be done individually with each of those providers. It took me about six hours in total.  

I wondered what could have been done differently. I’m quite tech savvy, I’ve been writing software since I was eight years old and this was still a slow and tricky process. My parents, however, they’re not tech people, so if I can’t easily cancel things with my knowledge, how are they supposed to?  

I looked for a company that does this and was very surprised to find out there weren’t any. And so within a week of having been the victim of theft I had written most of the business plan for Nuke From Orbit.

We all have smartphones; if you lose your wallet, you lose maybe some cash, your bank cards, and your driving licence. If you lose your phone, you lose almost your entire identity.  

Yes, both literally and figuratively. The thieves who stole my phone spent tens of thousands of pounds on my cards. I got that money back within three weeks because I knew exactly where I was when it was stolen and was able to give a thorough police report. I’m not saying I was lucky, but luckier than others.  

For instance, I have some crypto holdings, which are accessed via the app on my phone. That app is well protected from an unknown remote attacker; it’s got a strong password, it requires me to log in, and before I transfer money or crypto anywhere I have to get an SMS security code and an e-mail security code. My device has my password saved, gets my emails, and it’s where I receive texts. They could have transferred all of that crypto out.  

They could also have very credibly impersonated me to friends, family, coworkers, saying I’d lost my phone and asking them to send money to an account that they don’t know isn’t mine. I was very much the lowest level of crime, the quick and easy stuff, but the actual potential is much larger than that. And it’s all secured by a very simple PIN code.  

It’s something that I imagine is going to become even more sought after as more and more of us use facial recognition, but this is counteracted by the rise in deepfakes.  

Not so much actually! To Apple’s credit, Face ID is extraordinarily good. It takes 30,000 points around the face, and it’s very, very hard to break. However, devices can’t rely purely on that, because what if I had an accident and my nose is broken and I don’t look like me? There needs to be a backup way to get into the phone.  

That’s where the PIN comes in. The problem with that is, whilst the PIN can do so much, it’s much easier to steal. There’s been a rise of old school shoulder surfing. Thieves wait until they see someone use their PIN, and then spend the rest of the night waiting for a chance to steal your phone because they know that when they do, they’ve got access to all the data that’s on there.  

Are you seeing any pushback from people who worry that you take a lot of personal information? You’re essentially aggregating someone’s entire life in one place.  

The good thing is we hold virtually no private information. We hold first name, surname, email and mobile number. That’s it.  

The way that we interact with our third parties is through tokenised data and things that are of no value to anyone other than us and our customer. We never store card numbers, we don’t know users’ passwords, we don’t know their account details for any of their accounts. All we give them is a method where you can link your account to that third party and then we have a completely secure and private way of transferring data.  

That must be a real advantage as well because, whilst people want convenience, they don’t want their privacy compromised.  

The thing is, we’re all human, there’s only so many 6-digit numbers you can remember. There’s going to be some level of reuse, that’s just human nature.  

Monzo announced some very good security measures recently that are going to create friction, such as asking a friend to verify a transaction. It’s a good idea, it’ll stop some fraud, but it’s also going to stop a number of legitimate transfers. It’s the same when using a security QR code. I wouldn’t be surprised if younger members of the public store that QR code on their phone.  

All security measures inject friction, there’s the constant trade off. The idea behind Nuke From Orbit is that you can keep most of the frictionless way you operate because there’s a quick and simple way to revoke access.  

It wouldn’t be a conversation about tech without us talking about AI. Do you think AI is something that’s going to be built more into smartphones?  

AI is going to change most of the world. But it’s important to remember that it’s in its infancy. AI in its current format is like the discovery of electricity: it’s going to change the world eventually, but from when it was discovered to when the light bulb happened to when we had power in homes, there’s a long, long lead time. It won’t be as long for AI because there are more people working on it and the curve accelerates, but we’re still in the early stages. I should probably give Dr Hannah Fry at least some of the credit for this way of looking at AI. 

I love that electricity analogy, I’ve never heard it put quite so succinctly. Is AI something that you’re looking to incorporate into Nuke From Orbit as you grow and scale?  

The short answer is no; the long answer is probably.  

Our product doesn’t need much in the way of AI, and I love the fact that we’re a tech product in 2024 that doesn’t.  

That said, when we wanted to convert our SDK for developers from our main language, PHP, to Dot Net, I just ran it through ChatGPT and it was done. Suddenly we had seven languages of the SDK where before we had one.  

There will be AI used in general business; it’s so good. Things like writing first drafts of documents, for example. I don’t think our product will ever need AI but when it comes to marketing it, there’ll probably be some elements of AI in there.

Image: Nuke From Orbit

Robert Welbourn
Robert Welbourn is an experienced financial writer. He has worked for a number of high street banks and trading platforms. He's also a published author and freelance writer and editor.