Experts Say Pager Explosions in Lebanon Were Not Caused by Batteries
Cybersecurity experts are investigating the recent incident in Lebanon, where more than 4,000 people were injured in a mass detonation of pagers. According to specialists, simple overheating and ignition of lithium-ion batteries are unlikely to have caused such devastation. Instead, it is believed that explosives were placed inside the devices.
On September 17, 2024, a mass detonation of pagers occurred in Lebanon. According to the latest information from the country’s Minister of Health, Firas Abiad, at least 11 people were killed and about 4,000 were injured, with more than 400 currently in critical condition in hospitals.
Media reports indicate that the pagers were used by members of the militant Shiite group Hezbollah, particularly to protect against eavesdropping and tracking. The devices that exploded were reportedly the latest model, and Hezbollah members had received them in recent months. Representatives of the group told The Wall Street Journal that “hundreds of fighters” were using the pagers.
The exact model of the devices involved is still unclear. It is believed that Hezbollah used the AR924 model from Taiwanese manufacturer Gold Apollo. However, the company has stated that these pagers are actually produced by Budapest-based BAC Consulting, with Gold Apollo only providing the license and not participating in manufacturing.
Initially, it was speculated that the incident could have been caused by a cyberattack or a special operation by Israeli intelligence services. Now, according to The New York Times and other media outlets citing unnamed government officials from the U.S. and other countries familiar with the situation, Israel carried out the attack by intercepting the pagers before they reached Hezbollah and planting explosives inside them.
Cybersecurity experts were immediately skeptical of the theory that a cyberattack could have hacked the pagers, causing their batteries to overheat and ignite. Well-known cybersecurity specialist and engineer Michael Grover, also known as MG, dedicated a large thread on X (formerly Twitter) to the incident. Many know him as the creator of the malicious O.MG cable, and he previously demonstrated exploding USB drives as a proof of concept and joke in 2018.
“The situation with Hezbollah’s exploding pagers is an incredibly effective supply chain attack, most likely by Israel,” MG wrote.
He explained that the modification of the pagers must have occurred either during transportation or at the factory, since thousands of devices exploded simultaneously. After reviewing numerous videos of the detonations circulating online, Grover concluded that the explosions were too powerful to be caused by battery overheating. He emphasized that pager batteries are much smaller than phone batteries and simply cannot cause such destruction on their own.
“The explosions were very powerful. It was probably an explosive like RDX or PETN. I suspect the explosive was embedded in the battery to make it physically unnoticeable,” Grover said, sharing his theory. “However, that doesn’t mean you can just modify the battery and that’s it. The explosive needs a trigger. In the videos, just before the explosion, the victim looks down as if they just received a message. About four seconds later, the pager explodes.
For this to happen, the electronics would have to filter for a specific message and then activate the detonator. This could be done with modified firmware, but you’d still need to send an electrical signal to the detonator, requiring extra wires and components. For over 1,000 devices, you’d likely need a custom circuit board. If all this was added to finished pagers, it would take a lot of time. They would have had to make reliable clones in advance and swap out a large batch during transport to avoid noticeable delays. Most likely, they worked directly with or controlled the manufacturer, embedding custom internal components from scratch.”
404 Media quoted iFixit CEO Kyle Wiens, who fully agreed with MG’s assessment. He noted that in the case of a simple battery fire, it’s unlikely the batteries could have harmed anyone other than the pager owners themselves.
“I can’t imagine a lithium battery explosion killing someone. You could get third-degree burns, sure,” Wiens said. “It’s tempting to imagine some wild cyberattack that overloaded the batteries, but I think a supply chain attack is more likely, and Israel simply planted remote-controlled explosives in the pagers. I tried to think of a way to quickly overheat a device using the battery, but it’s actually pretty hard. I know how to make a device ‘unsafe,’ but not how to trigger a thermal cascade on demand.”