Comment by netsharc

Comment by netsharc 3 days ago

18 replies

View on Hacker News

It must be a combination of hardware (put a bomb in it) and software (trigger an explosion when a particular command is received) hack. Triggering an explosion of all devices is needed because if people started hearing about exploding pagers, they'd place their own far away from anything precious to them.

Geez, I thought this kind of hack is the stuff of (bad) action movies.

I wonder if there's a pager that was powered off during the attack and if somebody will dissect how they did it.

Edit: then again maybe the code is as simple as

    if (currentTime() >= KABOOM_TIME) { goKaboom(); }
delichon 3 days ago

Warning, under the International Traffic in Arms Regulations in the US civil fines of up to $500k per violation apply to software exports classified as related to munitions or military applications. You may want to consult an attorney before sharing such algorithms on a public forum.

Reply View 1 reply
hhh 3 days ago

They’re pagers, so it could also be a modification of the firmware to listen for a certain message (could it be as simple as a pocsag network where all of the pagers would get every message and only alert if it’s targeted for them?)

Reply View 2 replies
  • [removed] 3 days ago
    [deleted]
    Reply View 0 replies
  • moduspol 3 days ago

    Cheap cell phones have been used as detonators for quite some time.

    Reply View 0 replies
flutas 3 days ago

I doubt it has anything to do with the battery, pagers typically use the far more stable (and less energy dense) NiMH composition over a typical lithium one.

Reply View 4 replies
  • himinlomax 2 days ago

    It's probably much easier these days to source lithium batteries than NiMH ones.

    Reply View 0 replies
  • pythonguython 3 days ago

    Most pagers also aren’t designed incinerate/explode when they receive a signal, so I don’t know if we can make assumptions based on what typical pagers do. Seems a lot easier to short a LiPo battery than conceal a tiny explosive. An explosive can be found, but they’re unlikely to find out that the BMS is bugged to short the battery to ground

    Reply View 2 replies
    • Ancapistani 3 days ago

      A LiPo will burn, aggressively and hot, but they don't explode.

      To get a LiPo to explode you'd need to both puncture/rupture it and somehow contain the escaping gasses long enough to build up pressure.

      No, I'm as convinced as I can be that this was a supply-chain attack, and used a purpose-built "addition" the pagers in the form of an explosively formed penetrator.

      Given that an EFP is usually concave, I'll even go so far as to say I bet it was disguised as part of the speaker assembly.

      Reply View 1 reply
      • pythonguython 3 days ago

        LiPos used today burn because they have vent slits. Remove the vents and it’s far more likely to explode. In any case, we’ll probably find out in a couple weeks.

        Reply View 0 replies
[removed] 3 days ago
[deleted]
Reply View 0 replies
ars 3 days ago

I saw some videos of explosions, the pagers received some sort of signal or message that made the holder look at the pager.

Most of the injuries were to the hands or eyes. It was a very very weak explosion - even people right next to the person were not harmed, just the person holding the pager.

Reply View 0 replies
bee_rider 3 days ago

Hypothetically there could be scenarios where something as simple as control over the right NTP servers could trigger that code, right? I

Reply View 0 replies
myth_drannon 3 days ago

[flagged]

Reply View 3 replies
  • honzaik 3 days ago

    It may be a combination of making the battery overheat which would trigger the planted explosives from a supply chain attack. Of course, I am no hardware engineer/bomb expert to know if that is possible.

    Reply View 2 replies
    • redog 3 days ago

      I mean at that point why not just make the battery the explosive..it's not like it needs a great shelf-life just a kaboom

      Reply View 0 replies