How were the pagers tampered with?
Social media was, predictably, filled with security people discussing this very question. Could such simple devices have been hacked to somehow explode? Did they have some design flaw that allowed someone to send a message that caused the battery to overheat and enter thermal runaway?
Cybersecurity architect Jace Powell, a former counter-IED instructor, said his immediate suspicion was less complicated; a bomb planted in each device. Video of the attacks, and photos of devices following the attacks, seem to support this. Thermal runaway creates burning, popping, hissing and smoke before the battery catches fire and becomes a very hot and hard-to-extinguish flame ball. This attack appeared to feature a small, unexpected concussive force.
“I highly doubt these pager explosions were due to batteries alone. Lithium-ion batteries just don’t have the energy density to produce the observed blast effects,” Powell said.
“My guess is a small plastic explosive payload was inserted in the supply chain. The really interesting part is the detonation mechanism, both software and hardware.”
The New York Times cites anonymous officials as saying that a small amount of explosive material was inserted next to the battery in each pager, along with a switch that could be triggered remotely.
How were they exploded?
According to various reports, the pagers received a message and beeped several times before exploding, which could be part of the design of the attack (i.e. to make sure the pager’s owner was holding and looking at the device when it blew up), but could also simply be the result of the trigger.
Reuters cites sources, including “a senior Lebanese security source” as saying the tampered pagers not only contained explosives but a special circuit board used as a switch. When the board received a specific signal, which would be embedded in a message sent to the pager, it would cause a heat source significant enough to detonate the explosives.
“One thing we do know is that each of these devices has cellular connectivity, so you do have a remote trigger built into the device by design. The question is: how do you execute that trigger?” said Troy Hunt, an Australian security researcher.
“You would have to imagine then that this is a combination of not just hardware but software as well [being implemented in the attack], to be able to near simultaneously set all these things off at once.”
What brands were targeted?
The pagers reportedly carried the brand of Gold Apollo, a Taiwanese company, and some people online claimed the pagers were specifically a model called the AR924, which is marketed as a rugged design with long battery life.
However, in a statement to Reuters, Gold Apollo denied that it had made the pagers.
Loading
A shipment of pagers was reportedly ordered by Hezbollah months ago. It’s unknown how or when they were tampered with, with some on social media theorising that factory staff could have been bribed to insert the explosives during manufacturing.
Are pagers dangerous?
There are no indications so far that any pagers outside the shipment sent to Hezbollah have exploded or are at risk of exploding. Assuming the detonations are the result of physical tampering and not exploiting a flaw in the device’s regular hardware or software, it would seem unlikely any pagers outside that shipment are affected.
However, the attack is a reminder that an entity sophisticated and well-funded enough can weaponise just about any electronic device. Even security research published openly has detailed methods of igniting phone chargers and other devices, though not in as complex a situation as the one in Lebanon.
Hunt speculated the amount of co-ordination and planning that must have gone into the pager attack would have been massive, likening it to the Stuxnet cyber weapon that took down certain systems related to nuclear facilities while leaving others unharmed.
“How ironic is it, to not use a smartphone in case someone might use your messages, to use a pager instead, and then it blows up. It’s absolutely fascinating” he said.
“I hope one day we get the details about how all this worked. It’s just going to be one of those absolute spy novel kind of stories.”
Get news and reviews on technology, gadgets and gaming in our Technology newsletter every Friday. Sign up here.