A third but brief post on Israel’s exploding pager attack against Hezbollah. Several people have expressed incredulity that Israel would go to the trouble of setting up “their own factory” to manufacture the exploding pages against Hezbollah. I suspect people are envisioning something the size of a Foxconn iPhone line, but for smaller runs of less cutting-edge products, modern contract manufacturing can usually do things in much smaller footprints. Pagers are old 1980s tech, most probably use off-the-shelf commodity parts you can find anywhere, and I suspect Israel set up something much smaller.
You don’t need a line of assembly workers, you need a pick-and-place machine to attach the surface-mount components to your circuit board. Pick-and-place machines are also old technology that have gone through many iterations, but you can literally run a circuit board a assembly line in your garage. Here’s a guy that uses a very old pick-and-place machine to make amusement park controllers using equipment in his own shed.
Note that his boards are roughly the same size as a pager (probably slightly bigger). His is a low-tech approach that allows him to do all the steps himself and requires hand-soldering for some components. With a few more machines and a few more people, I suspect Israel could easily have run their exploding pager line out of space of 1,000 square feet or less. Everything save the explosive batteries probably used commodity pager parts, and even the special command sequence to trigger the explosion was probably programmed into a commodity controller chip.
Israel also has a modern, sophisticated electronics sector, so it’s possible they contract with one of their existing military electronics contractors to do a run, but I’m not sure anyone had an assembly line suitable for turning out old-tech pagers, as you wouldn’t want to alert Hezbollah agents with a circuit board that looked too modern.
There were a lot of sophisticated aspects to Israel’s supply chain attack, especially how they used human intelligence to insinuate themselves into Hezbollah’s procurement system to be in a position to provide the pagers. And producing batteries that actually held explosives was not a trivial task. But setting up an assembly line for the pagers once they had done all the upfront espionage work to get in a position to provide them was probably among the least difficult aspects of the operation.
Tags: hacking, Hezbollah, Israel, Israel-Hamas War, Jihad, Lebanon, Military, Operation Grim Beeper, spying, supply chain, technology, video
People who don’t actually “do things” have no idea at all about the possibilities. No doubt, most of the Hezbollah leadership consists of people incapable of technical comprehension; they’re essentially “magical thinkers” who just use the technology they’re handed. The actual “capable people who understand” are likely two or three layers lower than dirt in the hierarchy, and odds are, they were overruled when they pointed out the potential problems.
I’d again like to point out that this was a layered attack, likely years or even decades in the making. The first essential step was convincing the leadership of Hezbollah that the smart phones they were using were security risks… That done, then they somehow convinced the “technical experts” in Iran and Hezbollah that pagers were a solution, and that instead of buying dozens of different ones from different sources (the way the mob buys burner phones…) they should get them from one supplier…
This was a highly complex, multi-layered attack, conducted over a very long period. If I were the Iranians and Hezbollah, right about now? I’d be questioning a lot of my life-choices, and be re-evaluating them.
Oh, smart phones are unquestionably a security risk. Unless you’re taking extraordinary precautions, both your location and your metadata are stored by whatever carrier they’re using in Lebanon, and I bet Israel already has backdoor access into that. And that’s to say nothing of individual applications (like Facebook) storing their own tracking metadata. Knowing Hezbollah, I’m guess the sort of infosec required to keep various low-level foot soldiers from installing unathorized apps was jsut beyond them.
Browser cookies can also store their own metadata, and all that data can be aggregated and sold for ad revenue. And that’s just advertising companies selling your data, no malware required. And then there’s the treasure trove of email and text messages than can be accessed on compromised or insecure servers.
And, as Russia has learned, even just videos and pictures are useful sources of information in the hands of skilled intelligence sources (or distributed networks of geeks like 4Chan or Reddit).
So yes, having pagers actually would forestall many of the attack surfaces offered by smart phones. But only if you have a verified, secure supply chain to buy them from…