,

Exploding Pagers: Could Your Smartphone Be Next?

September 26, 2024 • Zachary Amos

Advertisements

Lebanon and Syria shook with explosions in late September as thousands of hand-held devices detonated simultaneously. How were those devices rigged to explode? How did the explosions happen at the same time? 

At first, pagers exploded. Then, walkie-talkies went off. While only low-tech devices have been targeted so far, there are fears that other electronics could be rigged to explode. Do you need to worry about your smartphone being next?

What We Know About the Recent Explosions in Lebanon

On September 18, 2024, simultaneous explosions went off throughout Lebanon and Syria, lasting from around 3:30 p.m.-4:30 p.m. local time. At first, no one knew the cause. It quickly became apparent that pagers — small, wireless devices used to receive text messages — were the source of the detonations. 

The target of the attack was the Lebanese militant group Hezbollah — a nonstate militia designated as a terrorist group by the U.S. — and the explosions went off in areas where they had a heavy presence. 

Just one day later, on September 19, 2024, another mass detonation occurred in Lebanon. This time, walkie-talkies were the source. When the dust settled, over 3,000 people were injured, hundreds were in critical condition and dozens were dead. While most were Hezbollah members, nearby civilians were also injured or killed. 

The Hezbollah pagers worked one way, meaning they couldn’t reply or send messages. Since incoming messages are sent via a pager directory or phone, the sender cannot be identified unless they leave a callback number. 

When a pager receives a message, it vibrates or beeps. Reports vary, but the consensus is that people went to press a button to silence their devices — and an instant detonation followed. Many received wounds to their face, neck, torso or hands because they were trying to read the message before the explosion was triggered.

How the Exploding Pagers and Walkie-Talkies Were Rigged

An unnamed Hezbollah official who spoke to the Wall Street Journal said the group recently received a new shipment of pagers. According to them, some members felt the pagers heat up and tossed them away before they detonated. This fact suggests the trigger could have been overheating caused by malware. However, it could also be a faulty detonator component. 

While Israel has not yet accepted nor denied responsibility, numerous reports suggest it was involved in the attacks. An unnamed former Israeli official — who spoke on the condition of anonymity, citing the operation’s secrecy — said the explosions were part of a multiyear effort against the terrorist organization to infiltrate Hezbollah’s logistics structure.

A second former Israeli official claimed the September detonations weren’t part of the original plan. According to them, the pagers and radios only exploded because Israel feared Hezbollah had become aware of the plot.  

Various statements from unnamed Israeli and Hezbollah officials suggest the explosions were the result of a very successful supply chain attack. The exploding pagers looked like Gold Apollo’s AR-924 model. Gold Apollo Co. denied designing or manufacturing them, claiming the Hungarian company BAC Consulting KFT was responsible. 

However, a spokesperson for BAC Consulting said they were simply an intermediary and weren’t involved in production. Regardless, whoever engineered the attack had extensive knowledge of Hezbollah’s contacts, suppliers and shell companies. While key details remain unclear, all indicators indicate a supply chain attack. 

A Technical Perspective on How Those Blasts Happened

At first glance, the walkie-talkies looked like the discontinued ICOM IC-V82 radio. Lebanon’s communications ministry said they were not supplied by a recognized agent, officially licensed or vetted by security services, meaning a supply chain attack is all but certain. They were likely counterfeit. At the very least, someone tampered with old models.  

While the exploding pagers appeared to be Gold Apollo’s AR-924 model, they may have been counterfeits, too. An insider likely replaced them somewhere along the logistics process. Various sources suggest these devices contained pentaerythritol tetranitrate — a highly explosive white powder often used in commercial detonators. 

Pentaerythritol tetranitrate becomes plastic-like when combined with a plasticizer. This explosive charge could’ve easily been disguised as an internal component. Since walkie-talkies and pagers use radio signals, it’s possible they received a signal that activated the trigger mechanism, causing detonation at the press of a button.

An AR-924 pager receives messages on a 450-470 megahertz frequency, meaning its transmission range could reach up to 36 miles under ideal circumstances. Even though buildings in urban environments block and scatter radio waves, it’s possible that someone remotely triggered simultaneous explosions from miles away. 

The attacker also could’ve used malware to create a bomb without physical tampering. For instance, standard lithium-ion batteries can explode when overheating. However, experts don’t think that’s likely because these parts don’t cause explosions like those that occurred in Lebanon. 

The AR-924 pagers used a lithium battery, which can swell, burst and catch fire when overheated. The same thing can happen to the nickel-metal hydride batteries used by the ICOM IC-V82 radios. Notably, the result is dissimilar to a bomb. This observation led many experts to believe explosive charges were the source, not malware. 

Could a Similar Attack Target Smartphone Users? 

The radio detonations that happened the day after the pager explosions prompted a growing fear that any device could be a bomb.

Technically, someone can remotely detonate a smartphone. In 1996, the bombmaker Yahya Abd-al-Latif Ayyash — a Hamas terrorist responsible for hundreds of Israeli deaths — was killed after an insider rigged his phone with an explosive charge. That attack was highly targeted. Israel’s internal security service worked for months to engineer the phone, get it to Ayyash and detonate the charge.

However, unsubstantiated claims that attacks will target smartphone users next have proliferated. Some people believe the focus on low-tech devices was simply a misdirection. Should you be worried about your smartphone exploding the next time you answer a call? Probably not. While your phone technically has components that may burst or catch fire, it won’t go off like a bomb. The smoke is the most dangerous aspect — the fumes from a smoking lithium-ion battery are toxic.

Why Targeted Smartphone Explosions Are Highly Unlikely 

While it’s best to practice caution when you can, it’s highly unlikely that someone will turn your smartphone into a bomb. Here’s why.

Strict Quality Control

Officials admitted they didn’t use reputable suppliers or examine incoming shipments, creating an opening for tampering. Smartphone supply chains are far more regulated — especially in the U.S.— preventing threat groups from gaining access. Even if they have people on the inside, quality control would catch suspicious components before the phones shipped. 

Overheating Failsafes

Your phone has a built-in failsafe that triggers if it gets too hot. It simply switches off until it cools down. While a hacker could theoretically raise its temperature by transferring massive amounts of data or overclocking its components, it wouldn’t be able to overheat it enough to cause the battery to burst.

Attack Complexity 

If the unnamed former Israeli officials are to be believed, September’s exploding pagers were part of a complex, multiyear effort. If you’re worried about a similar event happening to you, you shouldn’t be. Such a sophisticated, coordinated attack is improbable — that’s why it went viral. Besides, attackers would have difficulty using cell towers or Wi-Fi to trigger explosions.

You Don’t Have to Worry About Smartphone Explosions

It’s normal to feel anxious in light of news about such attacks. Just remember that you’re more likely to cause a fire by puncturing or smashing your phone’s battery than you are to experience a targeted remote detonation like the exploding pagers. 

If it helps, pay attention to the signs your phone could burst. If the battery is bulging or hot to the touch, carefully remove and replace it. Should you see smoke, immediately clear the room to avoid toxic fumes and alert the fire department.

bg-pamplet-2