3,020 comments

[ 2.0 ms ] story [ 482 ms ] thread
(comment deleted)
Why was this flagged? I vouched for it as it would make for an interesting discussion about the security of these devices and how this kind of cyberattack might have happened.

Are smartphones, for example, also vulnerable to it?

> Why was this flagged?

Anything any particularly motivated group dislikes here gets flagged; always been this way. Thanks for vouching.

> Are smartphones, for example, also vulnerable to it?

I also would love an answer to this question. Up until 12 minutes ago, I would never have thought _blowing up_ hundreds of pagers simultaneously was a realistic scenario.

If anyone can make sense of how this actually worked I'd be grateful. If it can be done to pagers, it seems likely that it can be done to other networked lithium devices: phones, tablets, laptops, smart watches, cameras, drones, medical devices, toys, and even electric vehicles.

Lest anyone tries to deny this happened: There's video of two separate cases on the nowinpalestine Instagram page.

98% sure these were booby trapped with plastic explosives or similar, meaning it’s a supply chain attack more than a cyber attack. LiPos exploding would be more sizzle and less instant boom, you can’t just hack your way through thermal runaway without all the smoke and building temperature first.
"Political" (including geopolitical) posts on here lead to an enormous amount of anger and noise and I fully get why they're verboten. In this case it's actually a fascinating issue that has a lot of crossovers with the domain of this site, but invariably the conversation would get overwhelmed with geopolitical noise instead of just focusing on the technical aspects.
I am just out of the gate, but the videos show sharp percussive explosions and no lithium evidence. So C4 or RDX in the devices on a 'mod board' with the explosive disguised as a big capacitor or something. It had to be put into the devices. In order to justify an operation like this the explosions had to be near-simultaneous so the mod board had to have its own clock, which would be as accurate as the crystal in the clock circuit provides, maybe drift of +/- a few seconds since installation.

The broadcast pager network does not offer this level of time precision for a detonation message so as ugly as it sounds, I believe at the moment that 9/17/2024@3:30pm (or whatever) was preloaded into the 'mod boards'.

Perhaps the 'mod board' had the capability for the future time to be set with a broadcast message, but that introduces such complexity! It requires the page system itself to be compromised. The victims' paranoia served them badly in this case, a recent warning about cell devices and a lower tech 'solution' is rolled out and they would only trust one source, so all you'd have to do was get an explody batch into the supply chain with (reasonable) assurance that only Hezbollah members would get them.

In the coming days I'd look for clues in: The simultaneity of the explosions with times to the second // were any duds found and disassembled? // is there a separate radio receiver on the mod board (to set future detonation time) // when did the 'rollout' of the devices begin? // How many pager carrying non-members were injured and what were the circumstances ('medics' being one group) // Will suspicious broadcasts be discovered from logs or logged radio intercepts?

Given the people we are dealing with (I mean both sides) I am thinking that the operation avoided ANY covert channels at all and was a simple date-time bomb.

>Are smartphones, for example, also vulnerable to it?

Yes if Israeli intelligence gets their hands on your smartphone (probably before you buy it) and installs an explosive and a software-hardware back door.

I've seen laptop and phone batteries explode with significant force on YouTube. It's called thermal runaway.

As much as I'd love to believe this couldn't happen without physical tampering, I see no good reason to.

They usuall burst with fire. You'd have to have hardshell battery with no venting, and likely no protection circuit, and a way to cause sustained load on the battery, without the user noticing the heat first. Eh.

A short on a battery with protection circuit installed basically does absolutely nothing to the battery.

I'm yet to see a video with fire and a lot of smoke at minimum.

even that is not far fetched. This is a typical supply chain attack.
I never said it was far fetched.
The subject is unfortunately likely to start a flamewar. I still think this should be on the front page because the technology and scope of this attack is unheard of if true. Israel somehow managed to weaponise hezbolla pagers by sending a message that caused them to explode. (Edit: i see the link i submitted has made it to the front page so it seems the moderators won't kill the story)
I was wondering the same thing.

There might be other explanations than a cyberattack though. The pagers could have been prepared in some way before distribution.

From the videos, it looks like the explosions were quite sudden and remarkably violent for such a small device.

So in addition to people-hunting FPV drones, we now have the equivalent of exploding collars from science fiction movies like Running Man. I don't like where we're heading, but it was probably inevitable that technology would be used this way.

As mentioned in this thread by others, this is not a new attack vector and won’t be the last. The only difference is the scale. And technically speaking, anything can be weaponized.
[flagged]
[flagged]
[flagged]
The reasons were quoted in the media:

"Hezbollah leader Hassan Nasrallah a few months ago called on his fighters, especially those who are on the front lines along Lebanon’s southern border with Israel, to stop using smartphones because Israel has the technology to infiltrate and penetrate those devices."

https://www.aljazeera.com/news/liveblog/2024/9/17/israels-wa...

any indication which brand(s) of pagers were in use?
The latest versions just exploded; not sure about the brands though
The ones that had explosives put into them.
(comment deleted)
Obvious #1 Question - did Mossad manage to feed Hezbollah a huge number of weaponized pagers - or are there pagers which could be rooted in such a way that the stock hardware can "detonate"?
For standard pager I can only imagine perhaps some way to short the battery, but that sounds unlikely even as I write it.
Yep. Though maybe with really-low-quality (safety-wise) batteries, and the description "detonate" being 99.9% journalistic hype...maybe?
This hack is the best argument against network-connected electric vehicles that there is. Imagine the same, but with tens of thousands of Teslas.
I don't think it would be quite the same as in explosive ordinance put into a device but it is very similar in that a mass hack could use the navigation system to target pedestrians and calculate the speed required to plow through them without losing control to maximize victim count. All that would be required in another remote hack as has been demonstrated on live highways in the past [1] combined with some form of AI or gaming engine. A mitigating control could be more bollards near sidewalks and more hydraulic bollards on intersections that have a lot of foot traffic to confine the hacks to smaller blast zones. This won't protect the occupants but maybe drive by wire car manufacturers could start adding a "oh crap" manual handle to physically disengage power and apply some type of physical friction brake.

[1] - https://www.youtube.com/watch?v=RZVYTJarPFs [video][2 mins]

Not one backdoor? not even for the blues?
(comment deleted)
A parking garage full of electric vehicles properly compromised (at least some of them) would be very ... energetic. Burning lithium batteries aren't precisely explosive, but they are still very angry. It is plausible that you could destroy a building with a chain reaction of battery fires. That is one of the safety concerns I think might not yet be fully accounted for (what happens when a bunch of electric cars are in a full closed lot and one of them starts on fire).
Any of the smart plugs or other devices plugged directly into the grid could be intentionally compromised to start a house fire. Millions of homes simultaneously catching fire would be catastrophic. Apartment buildings where a fire starts in 10%+ of the units.
Homes have surge protectors though that are out of band of the smart plugs.
This is a strong statement that probably isn’t true. The power transformers in those devices usually aren’t controlled and the things which are controlled will only sometimes be able to start fires. No doubt that some “smart” devices will have vulnerabilities that could cause fire, but just because there’s an available controller does not mean there’s an avenue to set fire to a device.

In short, unless a device is profoundly poorly designed, there’s no way to blink an LED so incorrectly that it starts a fire. (And many smart devices really aren’t doing much more than that)

The greater concern is lithium batteries catching fire while they are being charged. NYC seems to have a problem with dubious e-bikes already. If a few hundred or thousand battery controllers become compromised and the battery pack is charged with too much current it's like the bat bomb on testosterone.
> maybe drive by wire car manufacturers could start adding a "oh crap" manual handle to physically disengage power and apply some type of physical friction brake

It depends on the manufacturer, but I think this is already the case with Tesla cars? The brake specifically isn't drive-by-wire, it's an electrically assisted hydraulic brake - so even if a malicious actor could get the car to not do the assist part anymore, you can still stop by pressing the pedal hard.

I feel like bollards and other form of separating roads from pedestrians are unviable on the large scale. I hope manufacturers start focusing more on sandboxing any internet-connected parts of their software and leaving the whole car-driving part inaccessible from any of that.

It's almost certainly 15 grams of RDX.
Yes, some kind of Semtex or C-4 would fit the application
It's worth noting that RDX requires a detonator. This requires more space in the device.
(comment deleted)
Not sure why this was flagged, it's certainly a novel way of striking the enemy, regardless of the political undertones.

Reuters seems to have a bit more details, and is probably a bit less biased than current URL (timesofisrael.com): https://www.reuters.com/world/middle-east/dozens-hezbollah-m...

What's definitely novel is the scale, perhaps not the tactic, which has been used many times before (speculative assumption being that the devices were tempered with)
(comment deleted)
It's not especially novel, it's just a lot of similar weapons systems (e.g. cluster bombs, anti personnel landmines) are banned these days.
This may be the first widely reported deadly hack of a connected device. Wild times we live in.
Question for those with more knowledge on these devices: how can they detonate? The batteries?
It could be they had a way to warm up the batteries until these explode
The batteries are the only major energy storage device there to breach.

Clearly Israel has found a software vulnerability that lets them overload some otherwise minimally used processor and overheat the batteries. Above ~140f lithium ion cells go into thermal runaway.

It seems like they actually installed small bombs in the devices.
How is it so clear to you?
I was discounting the possibility that Mossad was in control of global supplychains with sufficient intensity and recklessness to hide semtex and a detonator in an entire brand of consumer electronics, in its urgency to provide retroactive justification for every antisemitic conspiracy theory out there and ignite war with the entire Middle East.

The only thing in a pager that SHOULD BE THERE with enough energy to 'explode' on demand, is a lithium ion battery. Which is evidently, given further reports, not what happened here.

This article [1] has an image of the pager and a video supposedly showing one exploding in the bag of some guy while shopping groceries. From that I would suspect a supply chain attack integrating some explosive, that seems way too violent for just an exploding battery or anything else you would usually find in that kind of device.

[1] https://realrepublic.com/encrypted-hezbollah-pagers-simultan...

they had to have had some extra components added: batteries won't pop like that, they haven't that much energy.
[flagged]
I don't want to be drawn into the wrongs or rights of it. I'm more interested in the technical implementation details.
Well yeah, we should know if we're carrying bombs around in our pockets. Definitely ethical implications too though.
Primary news suggests its an Israeli cyberattack
Cyberattack or supply chain attack? Who uses pagers? So a supply chain attack could have been the cause.
could be both
I doubt it's just a cyberattack, the videos of the explosions indicate small explosives rather than batteries.

Don't think we'll know exactly what happened until Israel tells the world or an independent investigation concludes but so far my impression is there was a supply chain infiltration and thousands of pagers with explosives have been distributed to Hezbollah.

Is there a pager model sophisticated enough to accept remote firmware updates (or whatever condition for a software exploit) but lacking a battery protection IC? Otherwise wouldn't sabotage elsewhere in the chain be more likely?
It was surprising tbh. Someone said on the news that they tried to control the short circuit and increase the voltage which made batteries explode??
(comment deleted)
It must be a combination of hardware (put a bomb in it) and software (trigger an explosion when a particular command is received) hack. Triggering an explosion of all devices is needed because if people started hearing about exploding pagers, they'd place their own far away from anything precious to them.

Geez, I thought this kind of hack is the stuff of (bad) action movies.

I wonder if there's a pager that was powered off during the attack and if somebody will dissect how they did it.

Edit: then again maybe the code is as simple as

    if (currentTime() >= KABOOM_TIME) { goKaboom(); }
[flagged]
It may be a combination of making the battery overheat which would trigger the planted explosives from a supply chain attack. Of course, I am no hardware engineer/bomb expert to know if that is possible.
I mean at that point why not just make the battery the explosive..it's not like it needs a great shelf-life just a kaboom
I doubt it has anything to do with the battery, pagers typically use the far more stable (and less energy dense) NiMH composition over a typical lithium one.
Most pagers also aren’t designed incinerate/explode when they receive a signal, so I don’t know if we can make assumptions based on what typical pagers do. Seems a lot easier to short a LiPo battery than conceal a tiny explosive. An explosive can be found, but they’re unlikely to find out that the BMS is bugged to short the battery to ground
A LiPo will burn, aggressively and hot, but they don't explode.

To get a LiPo to explode you'd need to both puncture/rupture it and somehow contain the escaping gasses long enough to build up pressure.

No, I'm as convinced as I can be that this was a supply-chain attack, and used a purpose-built "addition" the pagers in the form of an explosively formed penetrator.

Given that an EFP is usually concave, I'll even go so far as to say I bet it was disguised as part of the speaker assembly.

LiPos used today burn because they have vent slits. Remove the vents and it’s far more likely to explode. In any case, we’ll probably find out in a couple weeks.
It's probably much easier these days to source lithium batteries than NiMH ones.
Hypothetically there could be scenarios where something as simple as control over the right NTP servers could trigger that code, right? I
They’re pagers, so it could also be a modification of the firmware to listen for a certain message (could it be as simple as a pocsag network where all of the pagers would get every message and only alert if it’s targeted for them?)
Cheap cell phones have been used as detonators for quite some time.
(comment deleted)
(comment deleted)
I saw some videos of explosions, the pagers received some sort of signal or message that made the holder look at the pager.

Most of the injuries were to the hands or eyes. It was a very very weak explosion - even people right next to the person were not harmed, just the person holding the pager.

Warning, under the International Traffic in Arms Regulations in the US civil fines of up to $500k per violation apply to software exports classified as related to munitions or military applications. You may want to consult an attorney before sharing such algorithms on a public forum.
Well, James Mickens sure called this one.
Could you explain for the uninitiated?
"""

In the real world, threat models are much simpler (see Figure 1). Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good pass-word and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US,” and then they’re going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them.

"""

Pretty wild that this mentions a mobile device supply chain attack explicitly.

Ah yes, the Mossad / Non Mossad threat model :). Classic.
Nah, it's like how the existence of Star Trek influences future development of technology. Did Mickens call it, or did the Mossad get the idea from Mickens?
I'd love a technical write up on how this is possible. Is it RF based or the battery being exploited?
"Intelligence agency intercepts batch of pagers and swaps out the internals" seems the most likely.

If the footage on Twitter is legit, there was something more explosive than a battery inside those pagers.

Israel infiltrated the supply chain and inserted a bomb into the device configured to be detonated 3 seconds after a specific message is received. Then they waited x months and sent the page.
How is this possible? Are they overclocking the MPUs and just heating the batteries to the point of explosion?
Surely just supply chain infiltration and regular explosives no?
Agreed, the story mentions that the exploded models were all the latest ones purchased in recent months
Wouldn't this be too easy to detect -- for example tripping airport security (or other X-ray security systems, govt. buildings etc).
I think a state actor would be able to make an explosive look like a battery on x-ray.
Well if you have personnel who regularly carry weapons and/or explosives maybe those checks don't apply...but anyway this is mere speculation.
These appear to be actual explosions, not battery combustion (there's footage on Twitter of at least one of them going off, it's a detonation rather than intense burning)

Definitely some non-standard internals in those devices...