Why was this flagged? I vouched for it as it would make for an interesting discussion about the security of these devices and how this kind of cyberattack might have happened.
Are smartphones, for example, also vulnerable to it?
Anything any particularly motivated group dislikes here gets flagged; always been this way. Thanks for vouching.
> Are smartphones, for example, also vulnerable to it?
I also would love an answer to this question. Up until 12 minutes ago, I would never have thought _blowing up_ hundreds of pagers simultaneously was a realistic scenario.
If anyone can make sense of how this actually worked I'd be grateful. If it can be done to pagers, it seems likely that it can be done to other networked lithium devices: phones, tablets, laptops, smart watches, cameras, drones, medical devices, toys, and even electric vehicles.
Lest anyone tries to deny this happened: There's video of two separate cases on the nowinpalestine Instagram page.
98% sure these were booby trapped with plastic explosives or similar, meaning it’s a supply chain attack more than a cyber attack. LiPos exploding would be more sizzle and less instant boom, you can’t just hack your way through thermal runaway without all the smoke and building temperature first.
"Political" (including geopolitical) posts on here lead to an enormous amount of anger and noise and I fully get why they're verboten. In this case it's actually a fascinating issue that has a lot of crossovers with the domain of this site, but invariably the conversation would get overwhelmed with geopolitical noise instead of just focusing on the technical aspects.
I am just out of the gate, but the videos show sharp percussive explosions and no lithium evidence. So C4 or RDX in the devices on a 'mod board' with the explosive disguised as a big capacitor or something. It had to be put into the devices. In order to justify an operation like this the explosions had to be near-simultaneous so the mod board had to have its own clock, which would be as accurate as the crystal in the clock circuit provides, maybe drift of +/- a few seconds since installation.
The broadcast pager network does not offer this level of time precision for a detonation message so as ugly as it sounds, I believe at the moment that 9/17/2024@3:30pm (or whatever) was preloaded into the 'mod boards'.
Perhaps the 'mod board' had the capability for the future time to be set with a broadcast message, but that introduces such complexity! It requires the page system itself to be compromised. The victims' paranoia served them badly in this case, a recent warning about cell devices and a lower tech 'solution' is rolled out and they would only trust one source, so all you'd have to do was get an explody batch into the supply chain with (reasonable) assurance that only Hezbollah members would get them.
In the coming days I'd look for clues in: The simultaneity of the explosions with times to the second // were any duds found and disassembled? // is there a separate radio receiver on the mod board (to set future detonation time) // when did the 'rollout' of the devices begin? // How many pager carrying non-members were injured and what were the circumstances ('medics' being one group) // Will suspicious broadcasts be discovered from logs or logged radio intercepts?
Given the people we are dealing with (I mean both sides) I am thinking that the operation avoided ANY covert channels at all and was a simple date-time bomb.
>Are smartphones, for example, also vulnerable to it?
Yes if Israeli intelligence gets their hands on your smartphone (probably before you buy it) and installs an explosive and a software-hardware back door.
They usuall burst with fire. You'd have to have hardshell battery with no venting, and likely no protection circuit, and a way to cause sustained load on the battery, without the user noticing the heat first. Eh.
A short on a battery with protection circuit installed basically does absolutely nothing to the battery.
I'm yet to see a video with fire and a lot of smoke at minimum.
The subject is unfortunately likely to start a flamewar. I still think this should be on the front page because the technology and scope of this attack is unheard of if true. Israel somehow managed to weaponise hezbolla pagers by sending a message that caused them to explode. (Edit: i see the link i submitted has made it to the front page so it seems the moderators won't kill the story)
There might be other explanations than a cyberattack though. The pagers could have been prepared in some way before distribution.
From the videos, it looks like the explosions were quite sudden and remarkably violent for such a small device.
So in addition to people-hunting FPV drones, we now have the equivalent of exploding collars from science fiction movies like Running Man. I don't like where we're heading, but it was probably inevitable that technology would be used this way.
As mentioned in this thread by others, this is not a new attack vector and won’t be the last. The only difference is the scale. And technically speaking, anything can be weaponized.
"Hezbollah leader Hassan Nasrallah a few months ago called on his fighters, especially those who are on the front lines along Lebanon’s southern border with Israel, to stop using smartphones because Israel has the technology to infiltrate and penetrate those devices."
Obvious #1 Question - did Mossad manage to feed Hezbollah a huge number of weaponized pagers - or are there pagers which could be rooted in such a way that the stock hardware can "detonate"?
I don't think it would be quite the same as in explosive ordinance put into a device but it is very similar in that a mass hack could use the navigation system to target pedestrians and calculate the speed required to plow through them without losing control to maximize victim count. All that would be required in another remote hack as has been demonstrated on live highways in the past [1] combined with some form of AI or gaming engine. A mitigating control could be more bollards near sidewalks and more hydraulic bollards on intersections that have a lot of foot traffic to confine the hacks to smaller blast zones. This won't protect the occupants but maybe drive by wire car manufacturers could start adding a "oh crap" manual handle to physically disengage power and apply some type of physical friction brake.
A parking garage full of electric vehicles properly compromised (at least some of them) would be very ... energetic. Burning lithium batteries aren't precisely explosive, but they are still very angry. It is plausible that you could destroy a building with a chain reaction of battery fires. That is one of the safety concerns I think might not yet be fully accounted for (what happens when a bunch of electric cars are in a full closed lot and one of them starts on fire).
Any of the smart plugs or other devices plugged directly into the grid could be intentionally compromised to start a house fire. Millions of homes simultaneously catching fire would be catastrophic. Apartment buildings where a fire starts in 10%+ of the units.
This is a strong statement that probably isn’t true. The power transformers in those devices usually aren’t controlled and the things which are controlled will only sometimes be able to start fires. No doubt that some “smart” devices will have vulnerabilities that could cause fire, but just because there’s an available controller does not mean there’s an avenue to set fire to a device.
In short, unless a device is profoundly poorly designed, there’s no way to blink an LED so incorrectly that it starts a fire. (And many smart devices really aren’t doing much more than that)
The greater concern is lithium batteries catching fire while they are being charged. NYC seems to have a problem with dubious e-bikes already. If a few hundred or thousand battery controllers become compromised and the battery pack is charged with too much current it's like the bat bomb on testosterone.
> maybe drive by wire car manufacturers could start adding a "oh crap" manual handle to physically disengage power and apply some type of physical friction brake
It depends on the manufacturer, but I think this is already the case with Tesla cars? The brake specifically isn't drive-by-wire, it's an electrically assisted hydraulic brake - so even if a malicious actor could get the car to not do the assist part anymore, you can still stop by pressing the pedal hard.
I feel like bollards and other form of separating roads from pedestrians are unviable on the large scale. I hope manufacturers start focusing more on sandboxing any internet-connected parts of their software and leaving the whole car-driving part inaccessible from any of that.
What's definitely novel is the scale, perhaps not the tactic, which has been used many times before (speculative assumption being that the devices were tempered with)
The batteries are the only major energy storage device there to breach.
Clearly Israel has found a software vulnerability that lets them overload some otherwise minimally used processor and overheat the batteries. Above ~140f lithium ion cells go into thermal runaway.
I was discounting the possibility that Mossad was in control of global supplychains with sufficient intensity and recklessness to hide semtex and a detonator in an entire brand of consumer electronics, in its urgency to provide retroactive justification for every antisemitic conspiracy theory out there and ignite war with the entire Middle East.
The only thing in a pager that SHOULD BE THERE with enough energy to 'explode' on demand, is a lithium ion battery. Which is evidently, given further reports, not what happened here.
This article [1] has an image of the pager and a video supposedly showing one exploding in the bag of some guy while shopping groceries. From that I would suspect a supply chain attack integrating some explosive, that seems way too violent for just an exploding battery or anything else you would usually find in that kind of device.
I doubt it's just a cyberattack, the videos of the explosions indicate small explosives rather than batteries.
Don't think we'll know exactly what happened until Israel tells the world or an independent investigation concludes but so far my impression is there was a supply chain infiltration and thousands of pagers with explosives have been distributed to Hezbollah.
Is there a pager model sophisticated enough to accept remote firmware updates (or whatever condition for a software exploit) but lacking a battery protection IC? Otherwise wouldn't sabotage elsewhere in the chain be more likely?
It was most likely a supply chain attack integrating explosives into the pagers, this article [1] says the affected devices were from a recent shipment. The explosions are way too violent for malfunctioning batteries.
It must be a combination of hardware (put a bomb in it) and software (trigger an explosion when a particular command is received) hack. Triggering an explosion of all devices is needed because if people started hearing about exploding pagers, they'd place their own far away from anything precious to them.
Geez, I thought this kind of hack is the stuff of (bad) action movies.
I wonder if there's a pager that was powered off during the attack and if somebody will dissect how they did it.
It may be a combination of making the battery overheat which would trigger the planted explosives from a supply chain attack. Of course, I am no hardware engineer/bomb expert to know if that is possible.
I doubt it has anything to do with the battery, pagers typically use the far more stable (and less energy dense) NiMH composition over a typical lithium one.
Most pagers also aren’t designed incinerate/explode when they receive a signal, so I don’t know if we can make assumptions based on what typical pagers do. Seems a lot easier to short a LiPo battery than conceal a tiny explosive. An explosive can be found, but they’re unlikely to find out that the BMS is bugged to short the battery to ground
A LiPo will burn, aggressively and hot, but they don't explode.
To get a LiPo to explode you'd need to both puncture/rupture it and somehow contain the escaping gasses long enough to build up pressure.
No, I'm as convinced as I can be that this was a supply-chain attack, and used a purpose-built "addition" the pagers in the form of an explosively formed penetrator.
Given that an EFP is usually concave, I'll even go so far as to say I bet it was disguised as part of the speaker assembly.
LiPos used today burn because they have vent slits. Remove the vents and it’s far more likely to explode. In any case, we’ll probably find out in a couple weeks.
They’re pagers, so it could also be a modification of the firmware to listen for a certain message (could it be as simple as a pocsag network where all of the pagers would get every message and only alert if it’s targeted for them?)
I saw some videos of explosions, the pagers received some sort of signal or message that made the holder look at the pager.
Most of the injuries were to the hands or eyes. It was a very very weak explosion - even people right next to the person were not harmed, just the person holding the pager.
Warning, under the International Traffic in Arms Regulations in the US civil fines of up to $500k per violation apply to software exports classified as related to munitions or military applications. You may want to consult an attorney before sharing such algorithms on a public forum.
In the real world, threat models are much simpler (see Figure 1). Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good pass-word and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them.
"""
Pretty wild that this mentions a mobile device supply chain attack explicitly.
Nah, it's like how the existence of Star Trek influences future development of technology. Did Mickens call it, or did the Mossad get the idea from Mickens?
Israel infiltrated the supply chain and inserted a bomb into the device configured to be detonated 3 seconds after a specific message is received. Then they waited x months and sent the page.
These appear to be actual explosions, not battery combustion (there's footage on Twitter of at least one of them going off, it's a detonation rather than intense burning)
Definitely some non-standard internals in those devices...
3,020 comments
[ 2.0 ms ] story [ 482 ms ] threadAre smartphones, for example, also vulnerable to it?
Anything any particularly motivated group dislikes here gets flagged; always been this way. Thanks for vouching.
> Are smartphones, for example, also vulnerable to it?
I also would love an answer to this question. Up until 12 minutes ago, I would never have thought _blowing up_ hundreds of pagers simultaneously was a realistic scenario.
If anyone can make sense of how this actually worked I'd be grateful. If it can be done to pagers, it seems likely that it can be done to other networked lithium devices: phones, tablets, laptops, smart watches, cameras, drones, medical devices, toys, and even electric vehicles.
Lest anyone tries to deny this happened: There's video of two separate cases on the nowinpalestine Instagram page.
[0] https://news.ycombinator.com/item?id=41567573
The broadcast pager network does not offer this level of time precision for a detonation message so as ugly as it sounds, I believe at the moment that 9/17/2024@3:30pm (or whatever) was preloaded into the 'mod boards'.
Perhaps the 'mod board' had the capability for the future time to be set with a broadcast message, but that introduces such complexity! It requires the page system itself to be compromised. The victims' paranoia served them badly in this case, a recent warning about cell devices and a lower tech 'solution' is rolled out and they would only trust one source, so all you'd have to do was get an explody batch into the supply chain with (reasonable) assurance that only Hezbollah members would get them.
In the coming days I'd look for clues in: The simultaneity of the explosions with times to the second // were any duds found and disassembled? // is there a separate radio receiver on the mod board (to set future detonation time) // when did the 'rollout' of the devices begin? // How many pager carrying non-members were injured and what were the circumstances ('medics' being one group) // Will suspicious broadcasts be discovered from logs or logged radio intercepts?
Given the people we are dealing with (I mean both sides) I am thinking that the operation avoided ANY covert channels at all and was a simple date-time bomb.
Yes if Israeli intelligence gets their hands on your smartphone (probably before you buy it) and installs an explosive and a software-hardware back door.
As much as I'd love to believe this couldn't happen without physical tampering, I see no good reason to.
A short on a battery with protection circuit installed basically does absolutely nothing to the battery.
I'm yet to see a video with fire and a lot of smoke at minimum.
There might be other explanations than a cyberattack though. The pagers could have been prepared in some way before distribution.
From the videos, it looks like the explosions were quite sudden and remarkably violent for such a small device.
So in addition to people-hunting FPV drones, we now have the equivalent of exploding collars from science fiction movies like Running Man. I don't like where we're heading, but it was probably inevitable that technology would be used this way.
"Hezbollah leader Hassan Nasrallah a few months ago called on his fighters, especially those who are on the front lines along Lebanon’s southern border with Israel, to stop using smartphones because Israel has the technology to infiltrate and penetrate those devices."
https://www.aljazeera.com/news/liveblog/2024/9/17/israels-wa...
https://news.ycombinator.com/item?id=41567573
https://www.gapollo.com.tw/rugged-pager-ar924/
I can't find the link now, but it was based on an image of the back of burned pager.
Edit: wayback machine link: https://web.archive.org/web/20240529091558/https://www.gapol...
No battery powered gadget as ever exploded like that ever
That's a battery explosion: https://www.youtube.com/watch?v=KR7_xwQbYp0
That's a bomb: https://x.com/DrEliDavid/status/1836037485492629605
[1] - https://www.youtube.com/watch?v=RZVYTJarPFs [video][2 mins]
In short, unless a device is profoundly poorly designed, there’s no way to blink an LED so incorrectly that it starts a fire. (And many smart devices really aren’t doing much more than that)
It depends on the manufacturer, but I think this is already the case with Tesla cars? The brake specifically isn't drive-by-wire, it's an electrically assisted hydraulic brake - so even if a malicious actor could get the car to not do the assist part anymore, you can still stop by pressing the pedal hard.
I feel like bollards and other form of separating roads from pedestrians are unviable on the large scale. I hope manufacturers start focusing more on sandboxing any internet-connected parts of their software and leaving the whole car-driving part inaccessible from any of that.
Reuters seems to have a bit more details, and is probably a bit less biased than current URL (timesofisrael.com): https://www.reuters.com/world/middle-east/dozens-hezbollah-m...
Footage from the hospital
> some people felt the pagers heat up and disposed of them
https://www.wsj.com/world/middle-east/hundreds-of-hezbollah-...
Clearly Israel has found a software vulnerability that lets them overload some otherwise minimally used processor and overheat the batteries. Above ~140f lithium ion cells go into thermal runaway.
The only thing in a pager that SHOULD BE THERE with enough energy to 'explode' on demand, is a lithium ion battery. Which is evidently, given further reports, not what happened here.
[1] https://realrepublic.com/encrypted-hezbollah-pagers-simultan...
one video: https://x.com/Breaking911/status/1836039436653519209
Don't think we'll know exactly what happened until Israel tells the world or an independent investigation concludes but so far my impression is there was a supply chain infiltration and thousands of pagers with explosives have been distributed to Hezbollah.
[1] https://www.wsj.com/world/middle-east/hundreds-of-hezbollah-...
Geez, I thought this kind of hack is the stuff of (bad) action movies.
I wonder if there's a pager that was powered off during the attack and if somebody will dissect how they did it.
Edit: then again maybe the code is as simple as
To get a LiPo to explode you'd need to both puncture/rupture it and somehow contain the escaping gasses long enough to build up pressure.
No, I'm as convinced as I can be that this was a supply-chain attack, and used a purpose-built "addition" the pagers in the form of an explosively formed penetrator.
Given that an EFP is usually concave, I'll even go so far as to say I bet it was disguised as part of the speaker assembly.
Most of the injuries were to the hands or eyes. It was a very very weak explosion - even people right next to the person were not harmed, just the person holding the pager.
Here's my favorite: https://scholar.harvard.edu/files/mickens/files/thenightwatc...
In the real world, threat models are much simpler (see Figure 1). Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good pass-word and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them.
"""
Pretty wild that this mentions a mobile device supply chain attack explicitly.
If the footage on Twitter is legit, there was something more explosive than a battery inside those pagers.
Definitely some non-standard internals in those devices...