Exploding hand-helds

by Ty Myrddin

Published on Sept 25, 2024

So what happened

The first round of blasts began in Lebanon's capital Beirut and several other areas of the country at about 15:30 local time on Tuesday 17 september 2024 involving pagers. Another round of blasts, now from walkie-talkies, happened on Wednesday the 18th, at around 17:00 local time. Some of the pagers used by Hezbollah are models that run on lithium-ion batteries, which can cause dangerous explosions. According to information obtained by LBCI, the pager server can have been compromised, leading to the installation of a script that caused an overload. This then could have resulted in the overheating of the lithium battery, which then exploded. But it is unlikely that a regular pager battery alone can produce blasts that can injure multiple people (as was seen in some of the recorded attacks). It seems more likely the pagers were interdicted and modified with explosives.

Interdiction

Using so-called "interdiction", the target hardware is intercepted while on route to a next supplier in the supply chain. The hardware must be unpackaged, modified, repackaged and put back in the chain without raising red flags. Using "Seeding" is probably even harder, because the manipulation happens on the factory floor. Access in both cases can be gained by social engineering, like posing as officials, bribery, threatening an insider, etcetera.

Hardware supply chain attacks are extremely hard to defend from.

Once the hardware is successfully modified, adversaries can use the back door to gain further access or exfiltrate data, it is difficult to detect and fix, and gives long-term access. It is entirely possible that explosives planted in the pagers were detonated using a remote command, perhaps hidden in a pager message. But erm? there is not much space in the devices. Which explosives were that then?

Targeting costs

To make it a targeted attack the attacker would need an operative to make sure the modified devices are delivered to the targets and not just anyone. This requires a mole, or a bribe. And time. How long does it take to infiltrate Hezbollah providers to the point of delivering hundreds of devices?

Why this attack?

Buying time? Replacing a large number of pagers will take time. Deterrence? The first round came just hours after Israel's security cabinet made the safe return of residents to the north of the country an official war goal. Showing the depth of Israel's intelligence pockets might deter Hezbollah. Amos Yadlin, a former head of Israeli military intelligence, said the Israeli attack displayed "very impressive penetration capabilities, technology and intelligence." The deterrence factor however, does not seem to be working.

Did anyone else notice the use of the word "penetration"? What on Earth do they think they are doing?

And it is not a surprise either. Similar capabilities were already shown. Still, the scale of this attack seems "unprecedented".

As mp wrote: "In other words, it seems to me, this action is only really possible ("easy") if you are already deeply invested in the dark arts of arms trafficking and dealing, which is to say: embedded in the global, criminal economy. It is statecraft."

Western response

There are UN accusations that this constitutes a war crime, as well as congratulations on the ingenuity of the attack, while it injured at least 2800 people and killed at least nine. But not really an outcry. I have not seen a real outcry on what is happening in Gaza either, by the way. Have we gone numb because of all the war and killing?

The best explanation I have seen is from Patrice: "In general, I think there is by now a weariness to address the increasingly dystopian aspect of tech, wether it's corporate or military developed and deployed, since (i) it makes one very depressive (ii) it won't help anyway"

Historically, technological advances are double-edged swords. Technology has been used against us, while claimed to have been designed to help us. Such opportunism rules mankind. What if our governments are taken over by less-democratic forces? If hand-held devices, such as walkie-talkies or pagers, can be implanted with explosives and can kill targets, how safe are any of us from this mode of attack?

Posting this is also unlikely to help, but I feel slightly better.

Raw magic crackled from their spines, earthing itself harmlessly in the copper rails nailed to every shelf for that very purpose. Faint traceries of blue fire crawled across the bookcases and there was a sound, a papery whispering, such as might come from a colony of roosting starlings. In the silence of the night the books talked to one another. A student