Comment by spidersenses

Comment by spidersenses 3 days ago

16 replies

View on Hacker News

>or firmware hack.

There's still the question of how the explosive capsule would have been triggered. It couldn't just explode at the first incoming call. There must be more to that.

ajsnigrutin 3 days ago

The microcontrollers inside the pagers probably have a spare GPIO pin, so they'd just have to modify the software and attach the detonating electronics to that gpio pin.

Since i'm supposedly "posting too fast", to answer the post below:

> Just curious, is it possible to program the pins so that it triggers by wireless or satellite command? With that scale I don't think wireless is possible though.

Technically it is, but requires additional electronics and antennas. It's much easier to just use the existing pager network and trigger when some specific message (or pager code) is detected. Paging networks are simple to implement.

Reply View 6 replies
  • tptacek 3 days ago

    It seems pretty plausible that the actual supply chain attack here would have been Israel subbing out whole shipping crates of pagers for sabotaged devices Israel manufactured itself, which would allow for arbitrary complex designs.

    Reply View 1 reply
    • markus_zhang 3 days ago

      Maybe they bought a large quantity of pagers from the same supplier and modified beforehand? I think a few grams of high explosives is good enough.

      Reply View 0 replies
  • markus_zhang 3 days ago

    Just curious, is it possible to program the pins so that it triggers by wireless or satellite command? With that scale I don't think wireless is possible though.

    Reply View 2 replies
    • londons_explore 3 days ago

      the pager is already wireless. So adding functionality to trigger wirelessly (over the phone network) is trivial. And it can trigger only with a special message.

      Reply View 1 reply
      • markus_zhang 3 days ago

        Yeah you are probably right. I'm an electronics newbie and don't know exactly how pagers work in wireless. I'm going to read some material on it.

        Reply View 0 replies
  • markus_zhang 3 days ago

    Thanks, I wonder how does one do that. I'll probably need to read how pagers work.

    Reply View 0 replies
svnt 3 days ago

My best guess is explosively formed penetrator in the display.

I don’t think wholesale replacement of the pagers was likely to work for a number of reasons.

They had to go one step up the supply chain.

The EFP display could be set to trigger on a certain message, or even the clearing of a certain message, which in devices without said display would do nothing.

The display is most likely to be pointed at the user’s face, or opposed to their waistline (EFPs sort of fire both ways but in one axis.

The battery, if it were a cylinder as would be likely, would fire tangentially, likely not hitting much.

A prismatic battery would make a good place for an EFP but difficult to interface with and likely requires a second compromised component.

Reply View 7 replies
  • hinkley 3 days ago

    Theory: A prismatic battery with an explosive core and an electronic fuse swapped to trigger the explosive instead of disconnect the battery. Firmware change to short the battery. No visible signs of tampering even in iFixit like conditions.

    Reply View 6 replies
    • svnt 3 days ago

      The best evidence we have now suggests that the devices used had removable (AAA) batteries, not built-in batteries.

      If I was buying pagers and had previously been hit by intelligence ops I would be buying batteries in random supermarkets.

      Reply View 3 replies
      • hinkley 3 days ago

        I'm looking at pager teardowns and there's nothing even close to the volume of the battery in there. Big transistor and the speaker housing.

        Which sort of leans back toward the theory that nobody checked the pagers at all.

        Reply View 2 replies
    • rolux 3 days ago

      What would happen if you walked through airport security with such a device?

      Reply View 1 reply
      • svnt 2 days ago

        Nothing, they aren’t looking for 2”x1” sheets of copper within electronic devices, and presumably the thin layer of explosives would be sealed and washed.

        Reply View 0 replies
emiliobumachar 3 days ago

Might be a hardcoded date and time. Does the legit pager messaging network give the time? If not, continually powered digital clocks drift slowly.

Reply View 0 replies