The Washington Post has a long and detailed story about the operation that’s well worth reading (alternate version here).
The sales pitch came from a marketing official trusted by Hezbollah with links to Apollo. The marketing official, a woman whose identity and nationality officials declined to reveal, was a former Middle East sales representative for the Taiwanese firm who had established her own company and acquired a license to sell a line of pagers that bore the Apollo brand. Sometime in 2023, she offered Hezbollah a deal on one of the products her firm sold: the rugged and reliable AR924.
“She was the one in touch with Hezbollah, and explained to them why the bigger pager with the larger battery was better than the original model,” said an Israeli official briefed on details of the operation. One of the main selling points about the AR924 was that it was “possible to charge with a cable. And the batteries were longer lasting,” the official said.
As it turned out, the actual production of the devices was outsourced and the marketing official had no knowledge of the operation and was unaware that the pagers were physically assembled in Israel under Mossad oversight, officials said. Mossad’s pagers, each weighing less than three ounces, included a unique feature: a battery pack that concealed a tiny amount of a powerful explosive, according to the officials familiar with the plot.
In a feat of engineering, the bomb component was so carefully hidden as to be virtually undetectable, even if the device was taken apart, the officials said. Israeli officials believe that Hezbollah did disassemble some of the pagers and may have even X-rayed them.
Also invisible was Mossad’s remote access to the devices. An electronic signal from the intelligence service could trigger the explosion of thousands of the devices at once. But, to ensure maximum damage, the blast could also be triggered by a special two-step procedure required for viewing secure messages that had been encrypted.
“You had to push two buttons to read the message,” an official said. In practice, that meant using both hands.
Also read Bunnie Huang’s essay on what it means to live in a world where people can turn IoT devices into bombs. His conclusion:
Not all things that could exist should exist, and some ideas are better left unimplemented. Technology alone has no ethics: the difference between a patch and an exploit is the method in which a technology is disclosed. Exploding batteries have probably been conceived of and tested by spy agencies around the world, but never deployed en masse because while it may achieve a tactical win, it is too easy for weaker adversaries to copy the idea and justify its re-deployment in an asymmetric and devastating retaliation.
However, now that I’ve seen it executed, I am left with the terrifying realization that not only is it feasible, it’s relatively easy for any modestly-funded entity to implement. Not just our allies can do this—a wide cast of adversaries have this capability in their reach, from nation-states to cartels and gangs, to shady copycat battery factories just looking for a big payday (if chemical suppliers can moonlight in illicit drugs, what stops battery factories from dealing in bespoke munitions?). Bottom line is: we should approach the public policy debate around this assuming that someday, we could be victims of exploding batteries, too. Turning everyday objects into fragmentation grenades should be a crime, as it blurs the line between civilian and military technologies.
I fear that if we do not universally and swiftly condemn the practice of turning everyday gadgets into bombs, we risk legitimizing a military technology that can literally bring the front line of every conflict into your pocket, purse or home.
More Stories
Most Organizations Unprepared for Post-Quantum Threat
Most organizations are not prepared for the post-quantum threat, despite the recent publication of NIST's first three finalized post-quantum encryption...
Microsoft: Nation-States Team Up with Cybercriminals for Attacks
Microsoft has observed nation states ramping up cooperation with cybercriminals to conduct operations in the past year Read More
Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign
The sophisticate campaign, ErrorFather, employs keylogging, virtual networks and a domain generation algorithm to target Android users Read More
From Reactive to Proactive: Shifting Your Cybersecurity Strategy
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of...
Insurer Aims to “Clawback” BEC Losses After £1.4m Success
Coalition’s new service aims to mitigate the impact of growing UK corporate fraud losses Read More
Eight Million Users Install 200+ Malicious Apps from Google Play
Zscaler has found more than 200 malicious apps on Google Play with over eight million installs Read More