The Israel Defense Forces (IDF) stated in the early hours of the 22nd that they struck around 300 Hezbollah targets in Lebanon on the 21st. According to Reuters, this was the second consecutive day of the IDF’s “most intense airstrikes” on Lebanon since the new round of the Israeli-Palestinian conflict erupted on October 7 of last year. Notably, before these large-scale airstrikes on Hezbollah forces, Lebanon experienced a series of massive explosions of communication equipment, severely disrupting Hezbollah’s command chain. Many Western media outlets speculate that these explosions were intended to pave the way for the IDF’s large-scale airstrikes. Behind this new mode of attack lies a troubling global concern: the rise of “supply chain attacks.”
How Hezbollah’s Pagers Were “Compromised”
On the 17th and 18th of the month, a series of explosions occurred in Lebanon, simultaneously targeting pagers, walkie-talkies, and other communication devices. These blasts resulted in at least 37 deaths and around 3,000 injuries. Preliminary investigations revealed that the pagers and walkie-talkies involved contained small amounts of explosives, which were remotely detonated using specific commands. Previously, Hezbollah had instructed its members to abandon smartphones due to the risk of Israeli surveillance, opting instead for pagers and walkie-talkies, considered more primitive but more secure. Many external observers believe that Israel was behind the series of explosions in Lebanon. The New York Times described the operation as a “modern Trojan horse” orchestrated by Israel. Western media widely accept the theory that Israel deeply intervened in the production of these communication devices, embedding military-grade explosives into the batteries during manufacturing. Once Hezbollah procured and distributed these devices, they were remotely detonated by raising the battery temperature.
Comprehensive analysis of the Rugged Pager AR924, a pager brand manufactured by Taiwan’s Golden Apollo Company and involved in the blasts, revealed significant vulnerabilities that could have been exploited. On the software side, these pagers can be quickly configured via USB-C and special software, allowing large-scale modifications. The system is easily unlocked with a default password (0000) or a programming unlock code (AC5678), allowing further customization and potential implantation of malware or control mechanisms. Hackers could easily compromise the system’s firmware and software, inserting backdoors for remote control.
On the hardware side, the pager contains a replaceable battery, making it easy for attackers to swap in batteries loaded with explosives. Additionally, the circuit board has capacitors and programming contacts, which allow adjustments to operational parameters. If these are linked to the power supply, manipulating them could theoretically alter the voltage or current, potentially causing the battery to overheat and detonate the explosive materials.
The “New” and “Old” Aspects of Supply Chain Attacks
According to ABC News, the communication equipment explosions in Lebanon are a classic example of a “supply chain attack.” Simply put, a supply chain attack involves tampering with or intervening in the production and distribution of products to achieve destructive aims. Experts note that executing such an attack requires deep involvement in the relevant industry chain. ABC reported that this operation involved shell companies, multiple levels of Israeli intelligence officers, and a legitimate company producing the pagers under a disguised identity, with some participants unaware of their actual role in the scheme. The complexity of this operation is said to have been in planning for at least 15 years.
However, experts argue that the idea of using civilian devices to carry out large-scale destructive operations isn’t entirely new for some countries. U.S. intelligence sources told ABC that the CIA had considered using similar strategies but refrained due to the high risk posed to innocent civilians.
One of the most concerning aspects of the Lebanese explosions is the transformation of cyberattacks into physical destruction. Previously, Israel used the Stuxnet virus to disrupt Iran’s nuclear centrifuges, but that method was limited to industrial sectors. Although electronics like laptops have been weaponized in the past, such as in Israel’s assassination of Hamas bomb-maker Yahya Ayyash in 1996 using a remote-controlled phone, these were small-scale, targeted attacks. The large-scale modification of civilian equipment for use as explosives, as seen in Lebanon, is unprecedented. The fact that these devices are deeply integrated into daily life makes the societal impact far-reaching and opens the door to a new type of warfare.
As digitalization continues to advance, many devices like smartphones and smart home systems connect to cloud servers via the internet, making them susceptible to external hacking. For example, even without explosives, attackers could theoretically cause devices to overheat and ignite by overloading them through cyberattacks. With billions of connected smart devices worldwide, the risk of such incidents, even if minimal, remains a significant concern.
The chain of explosions in Lebanon illustrates a new type of cyberattack that moves beyond stealing information or crashing systems to causing physical harm and casualties. As AI continues to develop, the risk of such attacks will increase, making all systems potential targets. This escalates the pressure on cybersecurity defenses, with consequences ranging from data theft to severe physical damage like explosions. Such concerns are not far-fetched. Chechen leader Ramzan Kadyrov recently claimed on social media that his Tesla truck was remotely disabled by Elon Musk.
The Threat of “Indiscriminate Attacks”
Experts worry that another troubling aspect of the Lebanese explosions is the potential for “indiscriminate attacks.” While the incident targeted Hezbollah members, most victims were innocent civilians, including children. The nature of supply chain attacks makes them inherently non-discriminatory—there’s no guarantee that compromised devices won’t end up in the hands of unsuspecting civilians or even third countries. American human rights lawyer Huwaida Arraf pointed out that the explosions occurred without warning and in public spaces, meeting the criteria for “state terrorism.” Sarah Leah Whitson, director of the Washington-based organization “Democracy Now for the Arab World,” emphasized that “you shouldn’t place booby traps on items civilians might pick up and use,” which explains the devastating toll in Lebanon. The heavy casualties reveal the essentially indiscriminate nature of these attacks.
There is widespread concern that if the “indiscriminate attack” model spreads, it could open Pandora’s box, threatening people everywhere. Axios commented that reports of explosions involving pagers, walkie-talkies, and even solar power systems suggest future warfare could extend indefinitely, with even the most basic daily items becoming untrustworthy. Zhou Hongyi remarked, “Every terminal product we use now relies on a global supply chain involving numerous suppliers. Ensuring control and safety throughout the production, transportation, and storage processes is crucial, especially for equipment and technology vital to national security. Autonomous research and development should be accelerated to ensure the credibility and safety of devices, preventing external tampering. Strengthening supply chain security management is essential.”
The latest reports indicate that thousands of communication devices, including pagers and walkie-talkies, in Lebanon were remotely detonated, causing mass civilian casualties. Children playing in the streets lost their sight, mothers shopping in supermarkets were maimed, and doctors on their way to work were gravely injured. The devastation is unimaginable. The use of communication tools for remote indiscriminate attacks, resulting in large-scale civilian casualties and societal panic, is unprecedented in history. This behavior is a grave violation of a nation’s sovereignty and security, a blatant breach of international law, particularly international humanitarian law, and a flagrant disregard for human life. The cruelty and egregious nature of these attacks demand the strongest condemnation.
Leave a comment