A thunderbolt strike in the standoff between Hezbollah and Israel since last Oct. 8. Less than two months after the assassination by drone attack of one of its high-ranking military commanders, Fouad Shukur, in Beirut's southern suburbs, Hezbollah appears to have suffered another major setback after a hacking operation that remotely exploded numerous pagers, injuring hundreds of its members throughout Lebanon.
While no one has claimed the operation in the hours following the first explosions, several experts have already pointed to Israel. These accusations seemed to be validated by a close adviser to Israeli Prime Minister Benjamin Netanyahu, who posted — then almost immediately deleted — a message on X hinting that Israel was behind the explosions.
"This operation demonstrates that Hezbollah was outpaced technologically," says cybersecurity adviser Janane Khoury. "Beyond the modus operandi, which is not yet known, this is the largest security breach noted to date within the party. It's a spectacular and unprecedented attack."
Khoury is not surprised that this operation's perpetrators chose this avenue of attack. "It is an area in which Israel has considerable expertise, with experienced technicians and dedicated applications, potentially capable of interacting with all connected devices," she says.
Hadi al-Khoury, cybersecurity expert and co-founder of the French chapter of the Information Systems Security Association (ISSA), told L'Orient-Le Jour, "To my knowledge, an attack of this magnitude and from this angle is unprecedented."
A Lebanese security source told Al Jazeera that the pagers were booby-trapped, while other sources told Sky News Arabia that the Mossad had poured PETN (pentaerythritol tetranitrate) liquid explosive on the batteries of Hezbollah's communication devices and detonated it by raising the battery's temperature.
Pagers and lithium batteries
According to the information circulating in the hours following the attack, the source of the explosions was pagers, small portable radio messaging receivers that were popular before the advent and democratization of mobile phones and the Internet. Today, they are only used internally in hospitals or in some restaurants to signal to waiting list customers that a table has become available.
In nearly a year of fighting against Israel, which began the day after the outbreak of the war in Gaza and has been mostly focused around the southern border, Hezbollah has turned to these rudimentary devices in an attempt to keep its operations under the Israeli radar, especially following the assassination of several of its commanders in targeted strikes.
Unlike mobile phones, pagers are difficult to trace and work in areas where phone coverage is limited. They do not require SIM cards or Internet connections, making it harder to track their location and activity.
However, the pagers that exploded on Tuesday were the latest model introduced by Hezbollah in recent months, three security sources told Reuters.
"Although rudimentary, pagers are connected devices that contain a majority of electronic components, with all the dangers and vulnerabilities that entails," explains Hadi al-Khoury.
Pagers are designed to receive radio waves, he explains, so anyone trying to interfere with them could "broadcast" information capable of exploiting a vulnerability either known to the manufacturer or discovered later by the attackers. "This information can then be received and 'interpreted' by the devices, causing considerable overheating, even an explosion," he adds.
Another piece of information relayed by several media outlets: these pagers are equipped with a lithium-ion battery (commonly called a lithium battery), which can present a risk of ignition or explosion — in which case an incident might be linked to battery overheating, typically caused by a short circuit due to a design defect or shock.
Corrupted equipment
Despite these few identifiable elements, this operation raises a central question: were the pagers simply destroyed remotely, or were they modified in advance?
Imad Hajj, a computer engineer at the American University of Beirut (AUB), opts for the second hypothesis. "Based solely on what is known, it seems unlikely to me that such devices could have been turned into bombs remotely without prior modification, even considering the risks of lithium battery ignition," he says.
This opinion is shared by the American whistleblower based in Russia, Edward Snowden, who suggested in a post on X that there were "too many consistent and very serious injuries" and not enough "fires and misfires" to support the "overheating batteries exploding" theory.
Hadi al-Khoury, for his part, considers that the hypothesis of "malicious intervention in the supply chain of these pagers" cannot be excluded. "From the factory where they are assembled to their arrival in Lebanon, passing through all the packaging and conditioning stages. Each of these stages could be compromised to inject, replace, corrupt these pagers, especially if they were recently acquired," he explains.
The hypothesis of sabotaged pagers was also put forward by military expert and war veteran Elijah Magnier, who listed several scenarios in a message posted on X.
Lukasz Olejnik, an independent cybersecurity researcher and consultant, also dismisses the hacking hypothesis. "It is very likely that the explosives were placed in advance. The key factor is the recent nature of the acquisitions, suggesting a supply chain issue or manipulation. The fact that the explosions were not triggered simultaneously is intriguing, indicating that they were triggered in waves. This suggests that the timers were likely not pre-programmed but activated dynamically based on other conditions," he wrote in a post shared on X.
In Lebanon, former Defense Minister Yacoub Sarraf stated that he did not think the pager explosions were the result of a cyberattack, but rather that "this type of equipment has a code set by its manufacturer, to ensure it can be destroyed using an information key called a 'back door,' which allows the manufacturer to access the device and give instructions to make it explode." As Hadi al-Khoury mentioned, the vulnerabilities present in a product, either known by the manufacturer or discovered after the fact, could be exploited for the purposes of an operation such as the one carried out across Lebanon.
This article was originally published in French on L'Orient-Le Jour.