Explosions involving pagers and hand-held radios in Lebanon, linked to a sophisticated supply chain attack, have raised concerns about potential future threats to smartphones and highlighted the challenges of tampering with modern electronic devices.
At least nine people were killed and nearly 300 were injured on Wednesday when electronic devices, including hand-held radios used by the armed group Hezbollah, exploded in southern Lebanon and the southern suburbs of Beirut, according to the country’s health ministry. This incident follows the previous day's event, where a dozen people lost their lives in pager explosions across Lebanon.
The explosions occurred just as the group announced on Wednesday that it had launched rockets at Israeli artillery positions. This marked the first attack on its longtime adversary since the pager blasts injured thousands of its members in Lebanon and heightened fears of a broader Middle East conflict.
Hundreds wounded, several dead in second round of remote device explosions targeting Hezbollah
Pagers, walkie-talkie radios, fingerprint machines, and solar energy systems exploded across Lebanon, resulting in a second mass-casualty event, killing and critically wounding… pic.twitter.com/VxpxpSAJpQ
Now another series of blast in , Telecom devices 'Walkie Talkie' have reportedly exploded in and various other areas of . pic.twitter.com/zcgMYvgx00
— Nikhil Choudhary (@NikhilCh_)According to Reuters, citing a security source, Hezbollah purchased the hand-held radios or walkie-talkies about five months ago, around the same time they acquired the pagers.
The devices, chosen for their difficulty to track compared to smartphones, were reportedly rigged with explosives by Israeli intelligence. These explosives detonated upon receiving a message.
The attack has sparked concerns on social media that smartphones might be the next target. Experts are now weighing in on whether this is a real threat and how to ensure that newly-purchased smartphones are secure.
Smartphones could be next?
Social media has been abuzz with fears that smartphones might be the next target, with some users claiming that "any electronic device can be turned into a bomb." One commentator noted, "If pagers can be hacked to explode, cell phones could be next."
Reports have suggested that a cyber hack by Israel might have caused battery overheating and subsequent combustion, but experts consider this scenario unlikely. Instead, the issue may stem from physical tampering with the devices.
Pagers, widely used in the 1990s, are small wireless devices that beep or vibrate to alert users of incoming transmissions. They display alphanumeric messages, such as phone numbers for the user to call. There are one-way pagers, which only receive messages, and response or two-way pagers, which can also send replies using an internal transmitter.
Dr. Lukasz Olejnik, a visiting senior research fellow at the Department of War Studies at King's College London, acknowledged that while pagers have become a 'niche' technology, they remain valuable for emergency situations and highly specialized uses.
"Pagers were used for reasons of operational security to limit the risk of eavesdropping or tracking. Pagers have smaller attack surface than smartphones – it’s much more difficult to hack them," Dr. Olejnik was quoted as saying in a MailOnline report.
He added that while smartphones could also be targeted in similar attacks, they are easier to track, which could complicate their use in such scenarios.
Dr. Olejnik reassured that there is "no risk of someone causing your smartphone to explode." He explained that most modern smartphones are designed in a way that makes such tampering either very difficult or nearly impossible.
For those feeling particularly concerned, he recommended using an explosive material detector on your phone and purchasing devices directly from reputable vendors like Apple, rather than second-hand sources.
Dr. Olejnik emphasized that this scenario is extremely rare and assured that it is unlikely we will see electronic devices exploding on a regular basis.
"It is simply extremely unlikely – this thing in Lebanon is an operation and it required resources such as money, people, etc," he told MailOnline.
Dr. Olejnik also described the theory circulating on social media that a cyber hack caused battery overheating and combustion—without the presence of implanted explosives—as "unlikely."
'Doing this to smartphone could be difficult'
Photos from the Middle East reveal the shattered remains of pagers branded by Gold Apollo, a Taiwanese manufacturer. However, Gold Apollo has stated that it licensed its brand to a Budapest-based company, BAC Consulting, and was not involved in producing these devices.
Nicholas Reece, a computer researcher at New York University, commented that it is difficult to believe the manufacturer was actively involved, given the potential negative impact on their business.
"However, Israel clearly had physical access to the devices to implant the technology then repackage them. Doing this to a smart phone would be considerably more difficult. There would need to be enough physical space inside the smart phone enclosure to put the explosives, which is unlikely the case with any modern smartphone," Reece was quoted as saying in the MailOnline report.
"The enclosures are also more difficult to open and reclose in a way that does not affect the phone or cannot be detected. Particularly Apple has a very robust supply chain management system, which would also have to be infiltrated and mitigated," he added.
Experts, based on available footage, believe that the pagers were rigged with explosives that caused the simultaneous explosions somewhere along the supply chain before reaching Hezbollah members.
A security source told Reuters that up to 3 grams of explosives were concealed within the pagers and had remained "undetected" by Hezbollah for several months.
Israel brilliantly managed to simultaneously explode hundreds of pagers that Hezbollah ops carried in their front pockets for communicating with each other.
Lots of missing testicles in Lebanon today. 😁 pic.twitter.com/NcJGEC3afz
THIS IS CRAZY! 😳🤯🚨
Israeli Intelligence (Mossad) is responsible for KILLING at least 8 people in Lebanon, including children, as well as INJURING OVER 2750 other Hezbollah fighters by way of hacking their pagers & mobile devices causing them to EXPLODE in a MASSIVE targeted… pic.twitter.com/pToLuoVX1o
How did Hezbollah's devices explode in Lebanon?
Olav Lysne, a computer scientist based in Norway, concurs that the recent device explosions in Lebanon likely involved an interception of the supply chain.
"Most experts now seem to guess that the equipment was sent from the provider fully intact, but that the shipment was intercepted, and that explosives along with trigger functionality was inserted while the equipment was in shipment," he was quoted as saying in the MailOnline report.
He further stated, "Your phone can definitely be tampered with. Still, the likelihood that someone have placed explosives in it is extremely small unless you are the target of a resourceful intelligence agency."
Josep Jornet, a professor of electrical and computer engineering at Northeastern University, believes that the pagers were altered to detonate upon receiving a specific message.
"Somewhere between the manufacturer and the user someone had access to these pagers," he was quoted as saying in a Northeastern Global News report.
"And they did not just modify the software, they would make it react in the presence of a specific message. They also added a tiny explosive next to the battery, so that the reaction would not just be a battery blowing up, it would be the actual pagers exploding," Jornet added.
N.R. Jenzen-Jones, a military arms expert and director of Armament Research Services in Australia, believes that explosives were integrated into the pagers at an early stage. "The scale suggests a complex supply-chain attack, rather than a scenario in which devices were intercepted and modified in transit," he wrote on X.
Lebanon's foreign ministry has described the explosions as an "Israeli cyberattack" but has not provided further details on how this conclusion was reached.