It is a huge technical operation to intercept an order and replace it with modified devices without the target knowing. Particularly when the target has to be extra careful in ordering things in the first place to avoid sanctions.
In contrast sending out an “execute order 66” message is pretty trivial to trigger them
Not a ton is known, by from what I understand the explosives were part of a secondary board added to the pagers, which would also have the ability to listen for a separate signal or look for a specific one the pager received.
Well, they had to make room inside for the high explosive charge, so it was never going to be a slight change to an off-the-shelf product. There’s not typically a lot of dead space in a pager.
I saw some videos about how strong C4 actually is. A single capacitor could in theory hold the payload we have seen. That would also hide it if the device were opened.
This wasn’t an interception. The devices were designed and manufactured by Israeli intelligence. They just licensed out brandnames through shell companies, and convinced Hezbollah to buy models from their agents by conventional spycraft.
There are videos capturing lots of explosions going off simulataneously. Since pagers already can recieve messages and these devices were deeply infiltrated, they likely added a special trigger message to set them off. THis could also allow other scenarios, like only setting off one (for whatever reason).
Well yes but then you’d have to send all those messages, not too hard for a big organisation, but to make a specific message trigger it you would have to do something to the chips on it. And that’s what I’m wondering.
If they can plant explosives they can 100% tap into the circuit or maybe reprogram the board. The CIA is known to be able to do this to specific devices by plucking them from the mail. Mossad could likely do their own production run and ship that to Hezbollah.
before there were mobile phones there was analog dtmf wired telephones. they replaced pulse dialing and allowed for all kinds of additional signalling and triggering. ring a bell, operate a relay, kick people off so you could call the president, entire automated analog switching centers, you name it.
when mobile networks came on the scene there were all sorts of additional triggers but because the (second gen? the ones that could do sms) signals were actually digital, there was a much wider array of possibilities. dtmf had a handful of frequencies it supported and if you wanted to do something more you had to basically make sure the entire network you were using could send, transport and receive those frequencies.
now imagine instead of sixteen combinations of frequencies played at the same time you have access to thousands of possible triggers. once you have simple stuff like the basic receiving of text and lighting a led or playing one of several legally distinct jingles covered, you could do do much more. and people did. there were all kinds of things pagers could do through combinations of local interface and digital communication with a cell tower, all mediated through a handful of baseband chips on the pager pcb that could have the pins for stuff they wouldn’t be used for disconnected.
but how would you make a pager set off an explosive?
well, the same way you use a casio f91w wristwatch to. you use its built in functionality (the speaker when the alarm goes off) to trigger a battery that can deliver enough electricity into a resistor to heat it up enough to make your (primary) explosive detonate.
in the case of a pager, those baseband chips have all kinds of on and off switching built in. it’s not hard to imagine that basic, out of the box functionality would include pulling a pin high when it gets “*97” or some such. now tie that pin to the base of a transistor across the positive and negative terminals of the battery and sitting against a little petn and you got yourself a remotely triggered explosive.
you wouldn’t even need a pcb.
there’s probably a lot of stuff thats incorrect in this reply. it’s late and this is off the dome.
Thanks a lot for the information. I’m getting downvoted but you are the only one at least trying to answer my question, which was what I was looking for.
I hope we’ll get some actual confirmed details about the technical side of this attack. Your message seems like something that can very much be true.
I wonder about the technical part of this.
Was it timer based?
Was it based upon which number sent a message?
A lot of the ideas I have would require a huge technical operation, instead of the “just added explosives” angle.
It is a huge technical operation to intercept an order and replace it with modified devices without the target knowing. Particularly when the target has to be extra careful in ordering things in the first place to avoid sanctions.
In contrast sending out an “execute order 66” message is pretty trivial to trigger them
How would this message trigger the explosive?
Taking control of a shipping container, opening all of pagers and adding some explosives is obvious and not too hard for people with that power.
Replacing all the chips, or hacking their firmware, is different, and is what I’m asking about.
Most bombs that use a phone as the trigger use the speaker for example. But in these pagers that would have already set off loads.
Not a ton is known, by from what I understand the explosives were part of a secondary board added to the pagers, which would also have the ability to listen for a separate signal or look for a specific one the pager received.
Thanks. This is more along the lines of what I’m interested in.
A custom made board for this increases the difficulty and size of this operation by a lot.
Well, they had to make room inside for the high explosive charge, so it was never going to be a slight change to an off-the-shelf product. There’s not typically a lot of dead space in a pager.
I saw some videos about how strong C4 actually is. A single capacitor could in theory hold the payload we have seen. That would also hide it if the device were opened.
Is there data on what the payload actually was?
I don’t think there is at the moment.
This wasn’t an interception. The devices were designed and manufactured by Israeli intelligence. They just licensed out brandnames through shell companies, and convinced Hezbollah to buy models from their agents by conventional spycraft.
Yes, more evidence comes to light.
May have been done at the source of the manufacturing.
Not sure that falls under “intercepted”
I believe they triggers a cell in the LIPO batteries to overheat causing the explosive material to explode.
Replace battery with battery/explosive/receiver combo.
There are videos capturing lots of explosions going off simulataneously. Since pagers already can recieve messages and these devices were deeply infiltrated, they likely added a special trigger message to set them off. THis could also allow other scenarios, like only setting off one (for whatever reason).
Well yes but then you’d have to send all those messages, not too hard for a big organisation, but to make a specific message trigger it you would have to do something to the chips on it. And that’s what I’m wondering.
If they can plant explosives they can 100% tap into the circuit or maybe reprogram the board. The CIA is known to be able to do this to specific devices by plucking them from the mail. Mossad could likely do their own production run and ship that to Hezbollah.
Yes I want to know more.
you really might not.
before there were mobile phones there was analog dtmf wired telephones. they replaced pulse dialing and allowed for all kinds of additional signalling and triggering. ring a bell, operate a relay, kick people off so you could call the president, entire automated analog switching centers, you name it.
when mobile networks came on the scene there were all sorts of additional triggers but because the (second gen? the ones that could do sms) signals were actually digital, there was a much wider array of possibilities. dtmf had a handful of frequencies it supported and if you wanted to do something more you had to basically make sure the entire network you were using could send, transport and receive those frequencies.
now imagine instead of sixteen combinations of frequencies played at the same time you have access to thousands of possible triggers. once you have simple stuff like the basic receiving of text and lighting a led or playing one of several legally distinct jingles covered, you could do do much more. and people did. there were all kinds of things pagers could do through combinations of local interface and digital communication with a cell tower, all mediated through a handful of baseband chips on the pager pcb that could have the pins for stuff they wouldn’t be used for disconnected.
but how would you make a pager set off an explosive?
well, the same way you use a casio f91w wristwatch to. you use its built in functionality (the speaker when the alarm goes off) to trigger a battery that can deliver enough electricity into a resistor to heat it up enough to make your (primary) explosive detonate.
in the case of a pager, those baseband chips have all kinds of on and off switching built in. it’s not hard to imagine that basic, out of the box functionality would include pulling a pin high when it gets “*97” or some such. now tie that pin to the base of a transistor across the positive and negative terminals of the battery and sitting against a little petn and you got yourself a remotely triggered explosive.
you wouldn’t even need a pcb.
there’s probably a lot of stuff thats incorrect in this reply. it’s late and this is off the dome.
Thanks a lot for the information. I’m getting downvoted but you are the only one at least trying to answer my question, which was what I was looking for.
I hope we’ll get some actual confirmed details about the technical side of this attack. Your message seems like something that can very much be true.
If they can intercept the message where it isn’t encrypted, they can simply sniff the messages coming on the page and wait for their signal.
Then, they can trigger the explosive to a specific message.
That’s a wild guess though.