Tech wars

Exploded pagers in Lebanon, how it was possible: all the technical hypotheses

Mossad's attack on Hezbollah was unprecedented, but perhaps not as technologically sophisticated

by Alessandro Longo

Aggiornato il 18 settembre alle 17:50

Aggiungi Il Sole 24 Ore
ai preferiti su Google
Libano, esplodono cercapersone: centinaia di membri Hezbollah feriti

4' min read

4' min read

Experts agree: it was an unprecedented attack, but perhaps not as technologically sophisticated, that set off the pagers ('pagers') of thousands of Hezbollah agents on Tuesday afternoon. The toll as of Wednesday was 2,700 wounded and twelve dead across Lebanon. Israel is the main suspect, but it does not comment. But the story also opens up question marks: how did they blow them up?.

The technical clues are these: a Hezbollah official speculates that malware may have caused the explosion. He reports that some people felt the pagers heating up and got rid of them before they exploded.

Loading...

The bomb explosions in Lebanon look like the kind of operation conducted by the Israeli intelligence agency, according to Ronen Solomon, an independent intelligence analyst.

Michael Horowitz, head of intelligence at Le Beck International, a security and risk management consultancy based in the Middle East, agrees with the malware hypothesis.

The assumptions

.

The question remains as to how the malware could have been exploited, even considering the near simultaneous nature of the explosions.

There are three hypotheses, according to Claudio Telmon, a cyber security expert at the specialised association Clusit. Two involve Israel having managed to get its hands on each pager device - a sort of ancestor of the mobile phone - by intercepting the intended cargo. "They may have opened the pager, installed a small explosive charge and manipulated the circuits so that they could remotely control the explosion with a command given at the same time," he says. The explosive was probably placed close to the battery to detonate it in a chain reaction.

Basically, they had to install malware on these devices, opening a hidden port on a system that could be used by third parties who installed it. The mechanism is similar to that of common ransomware malware, used by cybercriminals to encrypt the contents of hard disks and then demand a ransom from the affected companies to unlock the data.

"However, pagers are much simpler than a smartphone, so they cannot have used traditional malware, i.e. software," explains Paolo Dal Checco, a well-known forensic engineer.

The idea is gaining strength in the last few hours is that they have altered the pager system, with a malicious code, so that on command it triggers the explosive.

Testimonies also show that before the explosion, the pager emitted a sound, to prompt the user to bring it to his face, so as to maximise the damage. This too may be the result of malicious code.

The main doubts concern the attack vector, i.e. how they sent the command to trigger the malicious code and thus operate the device.

Telmon and Dal Checco have two hypotheses: sending a code in the form of a message ('page') to the pager or using radio frequencies.

"They may have manipulated the pager's circuits and antennas to make them react to specific radio frequencies. Then all they had to do was send them over a wide range - like a radio signal - to reach all the pagers involved," Telmon explains.

A third hypothesis does not contemplate the use of explosives, but it is losing share in these hours. According to some, they may have overheated the pagers, with remote commands, to make the battery explode, creating a short circuit. The command may come by exploiting computer vulnerabilities inherent in those pagers or, again, malicious code installed ad hoc.

This third hypothesis is less convincing for Telmon: 'The result is not assured, as with the use of explosives; instead, we read that they were able to detonate everyone at the same time, with great effectiveness'. Dal Checco: 'No battery could explode causing that much damage: explosives were used.

Hacker doubts

.

What is more, it is emerging that the pagers would be manufactured by a company called Gold Apollo in Taiwan and would not have a lithium battery but simple AAA alkaline batteries.

The hypothesis that they could have done all this without physically opening the pager, then sending malicious code that exploits system vulnerabilities or having it installed on users, is also not convincing. Installing a Trojan on a pager is not the same as doing it on a computer or smartphone. One cannot use e-mails containing the virus; 'it is possible that hackers could have blown up the batteries inside pagers with a page containing malicious code, but that would be very difficult. The hackers would have to know the make and model of the devices, and the effect would not be as powerful as the videos of the explosions suggest,' Robert Graham, CEO of Errata Security, an Atlanta-based computer security firm, tells the Wall Street Journal, which also confirms the need to install explosives to have that effect.

Israel's 'tech' record

Israel in general has been known for years for its cyber security capabilities, also in cooperation with US agents. It has previously exploited communication devices to carry out targeted killings. After a series of suicide bombings in the 1990s, Israel killed Hamas bomb-maker Yahya Ayyash by placing an explosive in a phone that was detonated near his ear.

And now part of cyber history is the Stuxnet virus, the result of an alleged collaboration between Israel and the US. It was used in 2010 to target Iranian nuclear facilities (it has since mutated and spread to other industrial and power generation facilities). The original Stuxnet attack targeted programmable logic controllers (PLCs) used to automate machine processes in nuclear power plants. Stuxnet allegedly destroyed numerous centrifuges at Iran's uranium enrichment plant in Natanz, causing them to burn and thus slowing down the Iranian government's nuclear weapons programme. Over time, other cyber groups have modified the virus to target facilities such as water treatment plants, power plants and gas lines.

Copyright reserved ©
Loading...

Brand connect

Loading...

Newsletter

Notizie e approfondimenti sugli avvenimenti politici, economici e finanziari.

Iscriviti