Lebanese militant group Hezbollah has had a rough couple of days with communication devices exploding all around them. Thousands of pagers detonated simultaneously in Hezbollah strongholds on Tuesday, the 17th of September, killing 9 and injuring more than 3,000 Lebanese citizens. Among the affected were several Hezbollah fighters as well as Iran’s envoy to Beirut. The very next day, the walkie-talkies used by the militant group detonated in Suburban Beirut and the Bekaa Valley, killing at least 20 and injuring 450 people. Hezbollah has accused Israel of the detonation and vowed to retaliate. The Israeli military has been engaged in a cross-border conflict with Iran-backed Hezbollah since the start of the Gaza war in October. This situation brings this conflict dangerously close to all-out war, making the situation in the Middle East much worse than it already is. Israel has declined to comment on the situation at this time.
Do people still use pagers?
Being such a volatile area of the Middle East, Lebanon and its citizens are usually under some form of surveillance. This is especially true due to the escalating cross-border conflict with Israel, which has some of the best intelligence and surveillance in the modern world. After the deaths of several of their commanders in targeted Israeli strikes, Hezbollah has started using some strategies to try and evade Israel’s high-tech surveillance. The use of pagers as a means of communication is one such strategy.
Pagers are handheld devices that can be used to send messages.
Pagers do not require internet or mobile network connections. This makes them harder to hack or track, providing secure lines of communication among the militants.
How could these explosions have been caused?
According to a security source, both the Walkies and Pagers were bought around the same time about 5 months before the blasts. This indicates a supply-chain attack wherein the devices themselves were tampered with during manufacturing or distribution.
Let us take a look at this situation from a hacker’s perspective.
A Hacker’s Analysis
Let us first examine the technology of the devices themselves. Pagers are not overly complex pieces of technology. They communicate using radio frequencies, not internet or cellular networks, feature a simplistic old-school calculator-like screen and a radio transmitter and receiver, and are powered by lithium-ion batteries.
The only part of the hardware of the pager itself that could be used to cause an explosion is the battery. If a lithium-ion battery is caused to overheat, it will undergo a series of chain reactions and explode in a process called thermal runaway.
Walkie-talkies are not much different in the way that they communicate. They feature a microphone, speaker, and antenna in addition to hardware similar to a pager with larger batteries.
It is not easy to set off a battery remotely. Unlike smartphones, walkies and pagers do not connect to the internet. Since the only way to access them remotely is via radio signals, the only way to achieve an explosion remotely is to send a signal designed to cause the battery to overheat. This will most likely be a signal that bombards the receiver with signals, causing the device to overload, overheat, and explode. This method is infeasible at a large scale such as this. It would be difficult to cause the system to overheat enough to cause the battery to explode, but it would also be near-impossible to synchronise at such a large scale. Overall there are just too many unknowns involved for this to be a reliable method.
A more feasible method, and most likely the one used in this case as the earlier evidence suggests, is modifying the hardware in a supply-chain attack. It is very possible that the devices ordered by Hezbollah had already been compromised before they even entered Lebanon. This can be done by infiltrating the supply chain and embedding explosive components in the devices during the manufacturing or distribution processes. This component could be a mini-bomb in itself or a heating component designed to cause the battery to explode. This component would then be triggered remotely. In this case, a synchronised explosion could be orchestrated with ease.