From Israel to Lebanon via Taiwan: Did IDF really hack Hezbollah-bound 5,000 pagers?

On Tuesday, a series of explosions involving pagers, many reportedly used by members of Hezbollah, erupted across Lebanon.

These blasts resulted in the deaths of at least eight individuals and injuries to more than 2,700, as reported by the Lebanese health ministry and various online videos. The immediate aftermath sparked widespread speculation regarding the cause of the explosions.

Historically, lithium-ion batteries have been known to catch fire and explode when damaged. Improper recycling or accidental puncturing of these batteries has led to numerous fires in trash and recycling facilities, which are currently experiencing record-high incident levels.

However, in the case of the recent explosions in Lebanon, doubts have emerged about whether a malfunctioning battery alone could account for the scale of destruction observed.

Accusations and possible methods of attack
Following the explosions, Hezbollah quickly accused Israel of orchestrating the attacks. Tensions between Israel and Hezbollah have escalated since Hamas launched an attack on Israel on October 7, 2022.

In a subsequent statement, Hezbollah described the incident as “criminal aggression targeting civilians.” Meanwhile, the Israel Defence Forces refrained from commenting on the situation. An unnamed Hezbollah official referred to the explosions as the “biggest security breach” the group has encountered during its ongoing conflict with Israel.

Details regarding the method of attack remain unclear. Initial social media reports suggested that the pager explosions could have been triggered by a digital hacking incident that caused the batteries to overheat.

The Lebanese Broadcast Corporation reported that preliminary investigations indicated a potential cyberattack had compromised the pager server, leading to the installation of a script that caused an overload, resulting in the batteries overheating and subsequently exploding.

Footage shared online showed blasts that appeared too powerful to be solely attributed to pager batteries. One widely circulated image depicted a damaged pager, with some identifiable make and model information, suggesting it might be a Gold Apollo AP-900 alphanumeric pager. Other sources indicated that the model could be the Gold Apollo AR-924, which operates on lithium-ion batteries.

While the AP-900 uses two AAA batteries, which could theoretically explode, it is unlikely they would generate the level of force observed in the explosions. Conversely, if the AR-924 or a similar model was involved, the lithium-ion batteries could pose greater risks, yet experts argue that even these would not typically cause blasts capable of injuring multiple people.

Theories on use of explosive use and supply chain security
Experts, including former National Security Agency officials, have suggested that the scale of the explosions points towards the possibility of explosives being deliberately added to the pagers by unidentified assailants. One security expert remarked that the magnitude of the damage indicates the presence of additional explosive materials, rather than just the failure of lithium-ion batteries.

Another expert explained that a battery needs to be in a specific condition to react violently, emphasising that the explosions witnessed in Lebanon were not typical of lithium battery incidents. In past cases, such as the recalls of the Galaxy Note 7 due to battery defects, injuries occurred but no fatalities were reported, and injuries were mostly localized.

Historical precedents exist for such attacks, including a 1996 incident where explosives were concealed within a mobile phone to target a Hamas bomb maker. This highlights the potential for a supply chain attack, wherein explosives could be secretly integrated into devices before they reach their users.

The Taiwan connect
According to reports from senior Lebanese security sources, the explosions were caused by small amounts of explosives hidden inside 5,000 Taiwan-made pagers ordered by Hezbollah five months before the incident. The devices, which the Iran-backed militant group used for communication, detonated simultaneously on Tuesday.

It was claimed that the explosives were embedded within the pagers by Mossad operatives, and a coded message triggered the detonations remotely. These pagers, ordered from Taiwanese manufacturer Gold Apollo, had been smuggled into Lebanon between April and May. One of the devices, identified as the AP924 model, was singled out by a security source as one that had exploded. Images of the damaged pagers revealed designs and stickers consistent with those from Gold Apollo.

The use of these pagers, despite being outdated technology, was essential for Hezbollah’s communication, particularly in regions where more modern devices may be vulnerable to monitoring. By targeting this communication system, Mossad dealt a blow to Hezbollah’s operational abilities. The sophisticated nature of the operation, involving undetectable explosives, has highlighted Mossad’s advanced capabilities in infiltrating supply chains and executing covert missions.

Meanwhile, Hsu Ching-Kuang, the founder of Gold Apollo founder has said in a statement the company did not make the pagers that were used in the detonations in Lebanon.

Even if the explosions were not triggered by a cyber-physical attack, it remains feasible that explosives hidden within the pagers were activated remotely. Some footage suggested users were checking their devices just as the explosions occurred, raising questions about whether a message could have served as a triggering mechanism.

Overall, the ramifications of these attacks extend beyond the immediate physical damage. The psychological impact on Hezbollah is likely significant, given the realisation that explosive devices could be hidden within everyday technology. This incident serves as a stark reminder of the lengths to which intelligence operations might go, particularly when electronic devices are involved.