September 19, 2024:
Amid ongoing violent conflict with Israel, Hezbollah’s digital communications and activities are also under constant barrage from Israeli hackers. In fact, this constant digital assault reportedly played a role in pushing Hezbollah away from smartphone communication and toward pagers and walkie-talkies in the first place. “Your phone is their agent,” Hezbollah leader Hassan Nasrallah said in February, referring to Israel.
The commercial spyware industry has shown it is possible to fully compromise target smartphones by exploiting chains of vulnerabilities in their mobile operating systems. Developing spyware and repeatedly finding new operating system vulnerabilities as older ones are patched is a resource-intensive process, but it is still less complicated and risky than conducting a hardware supply chain attack to physically compromise devices during or shortly after manufacturing. And for an attacker, monitoring a target’s entire digital life on a smartphone or laptop is likely more valuable than the device’s potential as a bomb.
“I’d hazard a guess that the only reason we aren’t hearing about exploding laptops is that they’re collecting too much intelligence from those,” says Jake Williams, vice president of research and development at Hunter Strategy, who formerly worked for the US National Security Agency. “I think there’s also potentially an element of targeting, too. The pagers and personal radios could pretty reliably be expected to stay in the hands of Hezbollah operatives, but more general purpose electronics like laptops could not.”
There are other more practical reasons, too, that the attacks in Lebanon are unlikely to portend a global wave of exploding consumer electronics anytime soon. Unlike portable devices that were originally designed in the 20th century, the current generation of laptops and particularly smartphones are densely packed with hardware components to offer the most features and the longest battery life in the most efficient package possible.
University of Surrey’s Woodward, who regularly takes apart consumer devices, points out that within modern smartphones there is very limited space to insert anything extra, and the manufacturing process can involve robots precisely placing components on top of each other. X-rays show how tightly packed modern phones are.
“When you open up a smartphone, I think the only way to get any sort of meaningful amount of high explosive in there would be to do something like replace one of the components,” he says, such as modifying a battery to be half battery, half explosives. But “replacing a component in a smartphone would compromise its functionality,” he says, which could lead a user to investigate the malfunction.
In contrast, the model of pager linked to the explosions—a “rugged” device with 85 days of battery life—included multiple replaceable parts. Ang Cui, founder of the embedded device security firm Red Balloon Security, examined the schematics of the pager model apparently used in the attacks and told WIRED that there would be free space inside to plant explosives. The walkie-talkies that exploded, according to the manufacturer, were discontinued a decade ago. Woodward says that when opening up redesigned, current versions of older technologies, such as pagers, many internal electronic components have been “compressed” down as manufacturing methods and processor efficiency have improved.