What we know about the deadly pager explosions in Lebanon

Lebanese soldiers stand guard at a street that leads to the American University hospital where they bring wounded people whose handheld pager exploded, in Beirut, Lebanon, Tuesday, Sept. 17, 2024. (AP Photo/Hassan Ammar)
Lebanese soldiers stand guard at a street that leads to the American University hospital in Beirut. Credit: AP

Words by James Hockaday, producer

After a remote attack which saw pagers used by hundreds of Hezbollah militants exploding in Lebanon and Syria – conflicting theories on how such a sophisticated operation could be pulled off are swirling online.

At least 12 people, including two children, were killed in the blasts on Tuesday while nearly 3,000 people were injured, with Hezbollah blaming Israel for the attack.

The attack has renewed fears of a wider war in the Middle East that Israel and Iran-backed Hezbollah have carefully avoided so far, despite a series of attacks from both side across Israel's northern border since Hamas launched its October 7 attack.

The Israeli military has declined to comment on the pager blasts, and details on how the attack was executed are largely uncertain. Investigators have not immediately said how the pagers were detonated.

ITV News spoke to cybersecurity experts about how the operation was likely to have been carried out and what implications it could have on global security in the future.

What caused the Lebanon pager blasts?

The short answer is - we don't know for sure, but cybersecurity expert Gérôme Billois said he believes the "most likely scenario appears to be that the devices were sabotaged during delivery".

"This would allow for precise targeting, as the incidents seem to be limited to specific groups, such as Hezbollah, and not widespread," he adds.

Intercepting and tampering with devices during the delivery process is a known tactic used by intelligence services, Mr Billois points out, as revealed by whistleblower Edward Snowden in relation to the NSA planting surveillance tools in routers and servers exported from the US.

This strategy would give operatives a chance to insert explosives and modify the software of the pagers, potentially to react to a particular message or signal to trigger an explosion, Mr Billois says.

"The most likely scenario is an interception of the shipment at some point in the supply chain, where the boxes were carefully opened, modified, and then resealed with new packaging."Given the scale -several thousand devices -it would require a meticulously planned and highly organised effort to carry out such an operation undetected."

Police officers inspect a car inside of which a hand-held pager exploded in Beirut. Credit: AP

The AR-924 pagers used by Hezbollah were Gold Apollo branded. But the Taiwanese company said the devices were produced and sold by Budapest-based company BAC, which is yet to comment.

Dr Andreas Krieg, Associate Professor at King's College London School of Security, agreed the devices would have to had been physically tampered with.

He suggests operatives must have "infiltrated the supply chain" of the pagers, which were "likely sourced earlier this year from a company in Hungary producing pagers based on the blue prints of a Taiwanese company".

A former British Army bomb disposal officer explained that an explosive device has five main components: a container, a battery, a triggering device, a detonator and an explosive charge.“A pager has three of those already,” explained the ex-officer, who spoke on condition of anonymity because he now works as a consultant with clients on the Middle East. “You would only need to add the detonator and the charge.”

Could the pagers' batteries have overheated?

"While overheating batteries could potentially cause a fire, the images circulating of the explosions indicate something more severe," says Mr Billois.

"Batteries generally burn rather than explode in the manner witnessed. It's possible that an explosive charge was added to the pagers, and the software was altered to react to a specific message, which could have triggered the explosions."

Dr Krieg suggests the explosives were "activated remotely by a particular message that could have caused the battery to heat and then activate the explosives inside the device".

However, Mr Billois isn't convinced by this theory, saying it "seems more likely that a specific message was used" to detonate the explosives directly.

People donate blood at a Red Cross centre in the southern port city of Sidon, Lebanon. Credit: AP

The theory that overheating batteries as the result of malware has prompted fears expressed on social media that anyone's devices could be vulnerable to such an attack.

While Mr Billois says these concerns are "understandable", they "may be overstated".

"This operation appears to have targeted a very specific group, and the complexity of the attack, including precise delivery interception and modification of hardware and software, suggests that this is not something that could easily be replicated on a wide scale," he says.

"However, it does highlight the need for stronger security measures in the supply chain and could lead to heightened scrutiny, especially for devices used by high-risk groups or individuals, as well as more stringent security protocols for hardware and software vulnerabilities."

An Apollo Jupiter Pro v9.1 Pager. Credit: Wikimedia Commons/Jochem Pluim

Why were Hezbollah militants using pagers?

A pager, also known as a beeper, is a small battery-operated radio receiver that when set off can display either numeric or worded messages. They are now used mostly in hospitals due to reliable reception and because they're less likely to be affected by interference from medical equipment

"Hezbollah replaced mobile phones in February because they constituted such a vulnerability because they could be remotely hacked," says Dr Krieg.

"Pagers are less vulnerable to software hacking and are not traceable via the internet. So the devices had to be fiddled with physically before.

He said there were some "question marks about the ethics of this sort of warfare and spyfare" as the 5,000 delivered to Hezbollah were distributed across relief organisations, civil societal groups as well as fighters.

Subscribe free to our weekly newsletter for exclusive and original coverage from ITV News. Direct to your inbox every Friday morning.

"There is a huge amount of collateral damage," Dr Krieg said. "And while this looks very targeted, it was a fairly indiscriminate attack as it hit mostly civilians or potential fighters that at the time of the strike were not in active combat and therefore not legitimate targets.

N.R. Jenzen-Jones, an expert in military arms and director of the Australian-based Armament Research Services agrees that such a large-scale operation "raises questions of targeting" – stressing the number of causalities and enormous impact reported so far.“How can the party initiating the explosive be sure that a target’s child, for example, is not playing with the pager at the time it functions?” he says.

How long was this operation?It would take a long time to plan an attack of this scale, with experts hearing estimates ranging anywhere between several months to two years.

The sophistication of the attack suggests that the culprit has been collecting intelligence for a long time, says Nicholas Reese, adjunct instructor at the Centre for Global Affairs in New York University’s School of Professional Studies.

An attack of this calibre requires building the relationships needed to gain physical access to the pagers before they were sold, developing the technology that would be embedded in the devices, and developing sources who can confirm that the targets were carrying the pagers.It is also likely the compromised pagers seemed normal to their users for some time before the attack.

Elijah J. Magnier, a senior political risk analyst, said he has had conversations with members of Hezbollah and survivors of Tuesday's pager attack. He said the pagers were procured earlier this year.“The pagers functioned perfectly for six months," Mr Magnier said, suggesting that an error message sent to all the devices triggered the explosion.

Based on his conversations with Hezbollah members, Mr Magnier also said that many pagers didn’t go off, allowing the group to inspect them. They came to the conclusion that three to five grams of a highly explosive material were concealed or embedded in the circuitry, he said.

Hezbollah already changed their communication strategies by replacing mobile phones with pagers, and Reese suggests the group will now have to think again following the latest attacks.

Reese, who previously worked as an intelligence officer, said survivors of Tuesday's explosions are likely to throw away "not just their pagers, but their phones, and leaving their tablets or any other electronic devices”.

Want a quick and expert briefing on the biggest news stories? Listen to our latest podcasts to find out What You Need To know...