These pagers were 100% a supply chain attack. Intercepted and modified with small explosives embedded in them or swapped the entire shipment out with ones with a small explosives in them.
There is no possibility these explosions are from battery overloads via an exploit or firmware hack.
There's still the question of how the explosive capsule would have been triggered. It couldn't just explode at the first incoming call. There must be more to that.
The microcontrollers inside the pagers probably have a spare GPIO pin, so they'd just have to modify the software and attach the detonating electronics to that gpio pin.
Since i'm supposedly "posting too fast", to answer the post below:
> Just curious, is it possible to program the pins so that it triggers by wireless or satellite command? With that scale I don't think wireless is possible though.
Technically it is, but requires additional electronics and antennas. It's much easier to just use the existing pager network and trigger when some specific message (or pager code) is detected. Paging networks are simple to implement.
It seems pretty plausible that the actual supply chain attack here would have been Israel subbing out whole shipping crates of pagers for sabotaged devices Israel manufactured itself, which would allow for arbitrary complex designs.
Just curious, is it possible to program the pins so that it triggers by wireless or satellite command? With that scale I don't think wireless is possible though.
the pager is already wireless. So adding functionality to trigger wirelessly (over the phone network) is trivial. And it can trigger only with a special message.
My best guess is explosively formed penetrator in the display.
I don’t think wholesale replacement of the pagers was likely to work for a number of reasons.
They had to go one step up the supply chain.
The EFP display could be set to trigger on a certain message, or even the clearing of a certain message, which in devices without said display would do nothing.
The display is most likely to be pointed at the user’s face, or opposed to their waistline (EFPs sort of fire both ways but in one axis.
The battery, if it were a cylinder as would be likely, would fire tangentially, likely not hitting much.
A prismatic battery would make a good place for an EFP but difficult to interface with and likely requires a second compromised component.
Theory: A prismatic battery with an explosive core and an electronic fuse swapped to trigger the explosive instead of disconnect the battery. Firmware change to short the battery. No visible signs of tampering even in iFixit like conditions.
Would someone be able to make one that worked but weighed eg five grams, then fill the rest with explosive? Would anyone be able to discern that the back of the glass wasn’t liquid crystal but explosive, especially as they are usually taped over?
Nothing, they aren’t looking for 2”x1” sheets of copper within electronic devices, and presumably the thin layer of explosives would be sealed and washed.
How do you mean? I am trying to understand what you're saying, it seems you mean that people on HN only _think_ they understand how battery technology works saying this is impossible, but in reality they have no idea, and it's trivial to make an explosive device like out of pager batteries?
Simple logic and science. Batteries do not cause forceful explosions like we've seen today. These pagers were intercepted and implanted with explosives (or entire load swapped with pre-made malicious ones) and then allowed to continue on to their destination. Thus I can say with 100% confidence that this was a supply chain attack.
I bet lots of people with that model of pager are now ripping them open to check for explosives. If we don't see pictures of unexploded ones, then I'd guess they were all triggered, and the only ones we might see are devices that were turned off at the time.
There is no possibility these explosions are from battery overloads via an exploit or firmware hack.