Yesterday, Reuters reported that multiple explosions involving communication devices used by Hezbollah resulted in at least nine deaths and over 3000 injuries across Lebanon.
Among those wounded were Hezbollah fighters, medics, and Iran’s ambassador to Lebanon, Mojtaba Amani, who sustained minor injuries.
The blasts, which occurred around 3:45 p.m. local time, have been described by Hezbollah as the “biggest security breach” they have faced during their ongoing conflict with Israel.
While Hezbollah and the Lebanese government blamed Israel for the explosions, Israeli officials have not commented. The Lebanese Red Cross deployed over 50 ambulances and 300 medics to assist the injured, many of whom suffered severe injuries to their limbs, face, and eyes.
The incident comes amid heightened tensions between Hezbollah and Israel, with the two sides engaged in frequent cross-border clashes since the Gaza war began in October 2023.
Despite attempts to mediate a ceasefire, efforts have stalled, and the conflict continues to escalate.
Hezbollah Vows Retaliation
This morning, Hezbollah has blamed Israel, and vowed to retaliate as the death toll climbs.
The explosions, which targeted handheld pagers used for communication by Hezbollah and others in Lebanon, were condemned by Lebanese Information Minister Ziad Makary as “Israeli aggression.” In response, Hezbollah pledged that Israel would face “fair punishment” for the attack.
Israel’s military, which has been engaged in cross-border clashes with Hezbollah since the onset of the Gaza war in October, declined to comment on the accusations.
Experts Suggest Supply Chain Attack
While some initially speculated that the deadly pager explosions in Lebanon were caused by battery malfunctions, experts now argue this is unlikely, as footage of the blasts does not align with typical signs of overheating, says the BBC.
They are instead pointing to the possibility of a sophisticated supply chain attack, in which the pagers may have been tampered with during their manufacture or transit. Supply chain attacks, which are increasingly common in cybersecurity, typically target software; however, hardware attacks are far rarer due to the need for physical access to the device.
If the pagers had been sabotaged by a supply chain attack, experts say a large-scale operation would have required to covertly modify the devices.
A former British Army munitions expert, who spoke to the BBC suggested the pagers may have been packed with 10 to 20 grams of military-grade explosives, concealed within a fake electronic component. The devices could then have been detonated by a specific signal, such as an alphanumeric text message.
It Wasn’t Us
The Guardian reported today that the Taiwanese manufacturer linked to the devices that exploded has claimed they are not responsible. Gold Apollo’s CEO, Hsu Ching-Kuang, said they were manufactured by an entity in Europe that had the right to use its brand. “The product was not ours. It was only that it had our brand on it.”
Ching-Kuang added: “We are a responsible company. This is very embarrassing.”
Details to Emerge
Former NSA cybersecurity expert Evan Dornbush, comments: “Cyberattacks have caused physical damage before – the 2010 power grid surge and an attack on an electric vehicle in 2016 are examples. However, myriad public videos makes this one visceral even to people who don’t think about supply chain security or cyber matters. Dornbush stresses that before anyone throws out their pager, the exact cause of this is likely being investigated by many, and details will likely emerge. “Videos imply that the devices seem to be narrowly targeted to particular operators. From what I’ve seen, the explosions appear narrow as well.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.