The exploding Hezbollah pagers situation is an incredibly impressive supply chain attack by Israel (most likely). I am sure more details will come, but there are already some educated guesses to be made that narrow it down.
🧵1/n
🧵1/n
First, with over 1000 instances being reported, this is likely supply chain as opposed to a few modified devices. Done either during shipment and/or at the factory.
🧵2/n
🧵2/n
2nd, the explosions are substantial. Probably a high explosive like RDX or PETN. I am guessing the explosive was integrated into the battery for physical stealth. But, unlike Israel, I don’t know if Hezbollah checks their internals for it to matter.
🧵3/n
🧵3/n
But it’s not like you can modify the battery & be done. The explosive needs a trigger. In this video, just before explosion, you see the target looking down as if they just received a message. ~4sec later it explodes.
🧵4/n
🧵4/n
That requires electronics to filter for that exact message, then trigger detonator. Could be modified firmware, but you still need to get the electrical signal to the detonator. Some level of extra wiring/components is needed. For 1000+ units, feels like a whole custom PCB
🧵5/n
🧵5/n
If all these things were added to off the shelf pagers, it would have taken a lot of time. They’d have to produce solid clones in advance & swap a large shipment out in transit to not introduce a noticeable delay. Considering the scale, I suspect this is NOT how it was done
🧵6/n
🧵6/n
More likely is they had cooperation/control of the actual factory building these and introduced custom internals built from the ground up.
I guess we will just have to wait. There will be plenty of info to come.
🧵7/n
I guess we will just have to wait. There will be plenty of info to come.
🧵7/n
Speaking of info to come: Pager networks broadcast every single message across the service area. A $10 SDR with computer can pick up every pager message near you. So someone has to know what the exact trigger message was by now. But I haven’t seen it yet.
🧵8/n
🧵8/n
There’s lots of talk about this being done fully remotely by exploding the lithium battery in the suspected AR-924 pager.
A High Explosives expert can correct me, but this is NOT what lithium looks like 2 frames into explosion. Let alone the bodily damage happening.
🧵9/n
A High Explosives expert can correct me, but this is NOT what lithium looks like 2 frames into explosion. Let alone the bodily damage happening.
🧵9/n
“are there devices that didn’t detonate?” is a great question & it touches on why Hezbollah was even using pagers.
Ignoring malfunctions, the 2 conditions this would occur: pager was powered off/out of battery, pager was out of signal range.
So…
🧵10/n
Ignoring malfunctions, the 2 conditions this would occur: pager was powered off/out of battery, pager was out of signal range.
So…
🧵10/n
Sure, the first could have been mitigated in the custom build by faking power off. But let’s focus on how pager networks work.
One of the reasons Hezbollah saw pagers as “more secure” than cellphones is that they are receive only. They don’t ping the towers like phones do, making for easy location tracking.
🧵11/n
One of the reasons Hezbollah saw pagers as “more secure” than cellphones is that they are receive only. They don’t ping the towers like phones do, making for easy location tracking.
🧵11/n
But this is why a single pager message destined for one device is broadcast across the entire coverage area. The network doesn’t know where the pager is, nor if the pager even received the message!
If the pager isn’t able to receive the message when transmitted, it’s lost.
🧵12/n
If the pager isn’t able to receive the message when transmitted, it’s lost.
🧵12/n
But that’s also why it’s unlikely anyone turned their pagers off intentionally. The messages aren’t queued up waiting for the pager to come up.
So most likely it’s just pagers that were out of signal range or detonation malfunctioned. So maybe we will see a teardown!
🧵13/n
So most likely it’s just pagers that were out of signal range or detonation malfunctioned. So maybe we will see a teardown!
🧵13/n
To address @Laughing_Mantis other question: the fact that this SEEMs highly targeted to Hezbollah & appeared to be a commercial pager suggests the ability to control where these exact units were delivered, delivery swap, or on-site swap.
🧵14/n
🧵14/n
@Laughing_Mantis Israel has been using high explosives inside of personal devices, especially comms devices, for over 40 years. But usually only 1 device, or a small handful.
What’s notable is the supply chain control here. Something Israel has also previously demonstrated (Stuxnet).
🧵15/n
What’s notable is the supply chain control here. Something Israel has also previously demonstrated (Stuxnet).
🧵15/n
@Laughing_Mantis More commentary on the view that these are not lithium explosions:
🧵16/n
🧵16/n
@Laughing_Mantis I’m choosing the most likely guess for the electrical. Stuff like the below is possible, but fabbing a new PCB is cheaper (less engineering/design time).
But as with all offensive operations, you are stitching together a seemingly random set of constraints & opportunities.
🧵17/n
But as with all offensive operations, you are stitching together a seemingly random set of constraints & opportunities.
🧵17/n
@Laughing_Mantis As this has gone outside of my usual network: these are informed guesses.
My experience is in:
- covert electronics. Ex: building OMG Cable (see pinned profile post)
- lithium battery safety testing & catastrophic failure
- research into prior exploding hardware
🧵18/n
My experience is in:
- covert electronics. Ex: building OMG Cable (see pinned profile post)
- lithium battery safety testing & catastrophic failure
- research into prior exploding hardware
🧵18/n
@Laughing_Mantis This feels incorrect/lacking.
“overheating” a lithium battery (how?) seems like a terrible detonator for PETN, especially something like a tiny pager battery. You need a legit primary explosive for reliable detonation on thousands of devices.
Someone correct me!
🧵19/n
“overheating” a lithium battery (how?) seems like a terrible detonator for PETN, especially something like a tiny pager battery. You need a legit primary explosive for reliable detonation on thousands of devices.
Someone correct me!
🧵19/n
Reuters now has details. Aligns well with my guesses:
5000 pagers were modified "at the production level" with “a board inside that has explosive material & receives a code”
“very hard to detect it through any means. Even with any device or scanner”
Undetected for months!
🧵20/n
reuters.com
5000 pagers were modified "at the production level" with “a board inside that has explosive material & receives a code”
“very hard to detect it through any means. Even with any device or scanner”
Undetected for months!
🧵20/n
reuters.com
Loading suggestions...