The pagers that turned into explosive devices and killed at least 11 people in Lebanon on Tuesday were reportedly manufactured in Taiwan and tampered with by Israel before being delivered to Lebanese Hezbollah, according to US sources cited by the New York Times. Between 28 and 55 grams of explosives were added to each of these devices, obviously without the knowledge of their recipients.
The operation is, in itself, a technical feat that demonstrates the “highly sophisticated” technological capability of the State of Israel, experts say. According to the New York TimesHezbollah reportedly ordered hundreds of four models of pagers from Taiwanese company Gold Apollo. The devices were reportedly intercepted to add explosives and a detonator that could be activated remotely.
PHOTO ANN WANG, REUTERS
Pagers from Taiwanese company Gold Apollo
These pagers exploded simultaneously in different regions of Lebanon and killed or injured thousands of people. “These are not normal pagers that do this,” the AFP had said earlier Tuesday. The Press Michel Juneau-Katsuya, former Canadian Security Intelligence Service (CSIS) agent and national security expert.
According to Mr. Juneau-Katsuya, the international community should react strongly to “this reprehensible act.”
This demonstrates the level of technological sophistication [derrière l’explosion]. It also demonstrates a fierce warrior spirit, which has little regard for the lives of civilians.
Michel Juneau-Katsuya, former agent of the Canadian Security Intelligence Service (CSIS)
Nor is this the first such act in the region. A few years ago, a Hezbollah leader had his cell phone blow up in his face. The pager stunt is just a slightly more sophisticated version of that event.
From connected object to cyberweapon
Remotely detonating a connected object is not so new and could even become more widespread. Cybersecurity experts warned as early as 2022 that it was “extremely easy to turn any connected object into a cyber explosive.”
“If you see connected devices exploding without warning, remember that you first saw how to do it here at DefCon 2022,” two programmers from the California-based tech company Synack said on stage in Las Vegas in August 2022. The company has a network of “white hat hackers,” or “ethical” hackers, cybersecurity specialists who inspect new technologies for security holes to patch.
Unbeknownst to them at the time, two of these specialists, Patrick Wardle and Colby Moore, demonstrated how it was technically possible to carry out, at low cost and with very few technical means, a remote attack like the one that involved members of the Lebanese Hezbollah.
The difference is that, rather than pagers, the two cybersecurity experts’ demonstration revolved around WiFi-connected video cameras from the brand DropCam (now owned by Google).1.
In their example, an individual receives a seemingly ordinary video camera in the mail. He unpacks it, sets it up in his home, and connects it to the Internet. Two minutes later, the device explodes and starts a fire in the apartment.
“It is possible to add just a few hardware components to any connected object – and that will turn it into a cyber weapon.”
A “safe” means of communication
Pagers were popular communication tools during the 1980s and 1990s that have since been replaced by mobile phones. However, they are still used in certain specific situations, such as within the Quebec health network.
Their wireless range can be greater than that of a phone, and they can be more effective at communicating a specific emergency to the wearer. “The alert doesn’t get lost among all the other alerts you might get on a phone,” says Quebec cybersecurity expert Steve Waterhouse.
That said, such a device, if unmodified, cannot explode with force, Waterhouse said. The DefCon 2022 example proves that the device must have been rigged in advance to contain the material required to cause significant damage upon receipt of a specific signal.
These are not normal pagers where the battery has simply been overheated.
Steve Waterhouse, cybersecurity expert
Without the explosives, the result would probably be closer to the Samsung phone overheating battery incident in 2016.2 : smoke coming from the device, or the battery swelling, all warning signs of a battery overheating, well before it explodes.
The cybersecurity expert therefore wants to be reassuring for owners of pagers in Quebec. “The question is mainly who distributes the pagers,” he says. “If it is a trusted person, there is no reason to worry.”
1. Watch Patrick Wardle and Colby Moore’s talk at DefCon 2022
2. Read “Samsung recalls one million phones over explosion risk”