Thousands of pagers used by the militant group Hezbollah exploded across Lebanon at 3:30 p.m. on Tuesday, wounding as many as 2,800 people and killing at least 12, according to health officials. The massive apparent attack raised immediate questions about how the tiny devices could have exploded at the same time.
Hezbollah blamed the attack on Israel. The Israel Defense Forces declined to comment on whether it was responsible.
On Wednesday, a second round of explosions killed 20 and injured at least 450. This attack appeared to impact a broader range of electronic devices, including radios and fingerprint analysis devices.
Israel uses sophisticated cyberespionage methods to spy on and track members of the militant groups it opposes, including Hamas and Hezbollah. It has also built a far-ranging surveillance system using facial recognition to monitor Palestinians in the West Bank.
But the scale of such an attack, targeting thousands of Hezbollah members at once by use of their own devices, is unprecedented.
Israeli operatives probably intercepted the pagers somewhere in the supply chain before Hezbollah got them and rigged them with explosives, said Emily Harding, deputy director of the International Security Program at the Center for Strategic and International Studies, a Washington think tank.
Videos posted of the attack on social media suggest that the “explosive devices were integrated into the pagers,” N.R. Jenzen-Jones, director of Armament Research Services, a weapons research firm, said in a post on X. “The scale suggests a complex supply-chain attack, rather than a scenario in which devices were intercepted and modified in transit.”
Cellphones long ago replaced pagers for most people, but the devices are still widely available. They’re part of the same complex electronics supply chains connecting manufacturers in Asia with resellers all over the world.
“This looks to be perhaps the most extensive physical supply chain attack in history,” said Dmitri Alperovitch, chairman of the Silverado Policy Accelerator, a national security think tank.
Two photos published to social media in the aftermath of the attack show the singed and crumbled back panels of pagers with “GOLD” written in text above a model number, “AR-9.” The design of the text matches that emblazoned on the back of the “AR-924” pager model produced by Gold Apollo Co., which uses a lithium battery.
Gold Apollo, based in Taiwan, is one of the primary producers of pagers in the world.
Gold Apollo said Wednesday in a statement that it did not manufacture the AR-924 pagers that media reports suggest were used in the attack. They were “entirely handled” by a company called BAC in Budapest, which is authorized to use Gold Apollo’s brand trademark in some regions, it said.
Taiwan’s Economy Ministry said in a separate statement earlier Wednesday that it had contacted Gold Apollo, which “questioned whether the product was indeed theirs after reviewing the media reports and images, and they judged that the pager may have been tampered with after being exported.”
Gold Apollo exported 260,000 pagers from 2022 through last month, including almost 41,000 sets this year alone, according to data from the ministry. Most were exported to Europe and the United States, and there were no records of direct exports to Lebanon, the ministry said. This did not, however, rule out shipments through a third-party company.
In July, Reuters reported that Hezbollah had turned to pagers in recent months for communication after banning the use of cellphones from the battlefield out of concern that Israel could use them to locate and monitor fighters.
Pagers don’t have cameras or microphones, making them less risky for people who are concerned about surveillance, said Harding.
Little is known about the explosions that killed 20 and injured 450 across Lebanon on Wednesday.
The country’s state news agency attributed some of the explosions to two-way radios. Lebanon’s civil defense said some of Wednesday’s incidents occurred as a result of “wireless devices and fingerprint analysis devices” exploding.
Israel’s cyber-capabilities are well known. The IDF’s Unit 8200, composed of thousands of soldiers, develops technology to collect intelligence and monitor the military’s targets. The unit’s veterans often go on to work at prominent cybersecurity companies or found their own start-ups. Israel has used cellphone data to monitor the movement of people in Gaza during the war.
Israel’s military and spy agencies have assassinated the country’s enemies from afar for decades. Technology has played a chief role in some of the attacks.
In 1996, Yahya Ayyash, Hamas’s chief bombmaker, was killed when he answered a rigged cellphone, probably part of an operation by Israeli agents, The Washington Post reported. And in 2012, U.S. officials confirmed that the United States and Israel had jointly developed a cyberweapon known as Stuxnet intended to slow Iran’s nuclear program. The weapon inadvertently infected industrial control computers around the world.
Private Israeli companies create and sell sophisticated cybersecurity and surveillance software as well. A 2021 investigation by The Post and 16 media partners found that Israeli firm NSO Group had sold military-grade spyware to other governments that used it to hack cellphones used by journalists, politicians and activists.
Still, the attack is unprecedented and raises new legal questions about Israel’s compliance with international law, said Tal Mimran, academic director of the International Law Forum at Hebrew University and a former legal adviser to the IDF.
“A beeper attack is a new type of attack; we haven’t seen it,” Mimran said. “Were they able to properly assess the people who will be injured by the attack? How many casualties would be considered collateral damage?”
Modern consumer devices, including some pagers, have lithium-ion batteries that can explode or catch on fire if they get too hot or come into direct contact with metals. Even so, it is highly unlikely that a lithium battery caused Tuesday’s explosions, experts say.
Lithium batteries as small as a regular AA battery can explode and cause burns, said Richard Meier, principal expert with Meier Fire Investigation, who has overseen many investigations into lithium battery fires. In one case, a small battery exploded in a person’s pocket after coming into contact with loose change, causing severe burns.
Lithium batteries that overheat can reach 2,000 degrees Fahrenheit, Meier said. Devices are generally designed to vent this heat, but if they don’t, “the battery can and will explode,” he said.
Some batteries rely on the devices’ own software to regulate their use and temperature, so it is theoretically possible to hack into a pager and trigger its battery to heat to the point that it explodes, Meier said.
However, Taiwan’s Economy Ministry said Wednesday in its statement that Gold Apollo said the battery inside its pager is about the size of a standard AA battery “with no possibility of causing an explosion that could lead to casualties.”
At the same time, videos of the attack posted to social media show the pagers exploding instantaneously, rather than catching fire. Overheating lithium batteries sometimes explode, but also catch fire or throw off streams of superheated material in unpredictable ways.
“I’ve seen enough lithium battery fires to know that what we’re seeing in published videos is not consistent with a battery fire,” said Jake Williams, a security researcher and vice president of research and development at Hunter Strategy, a security consulting firm. “The electrochemistry in cheap batteries simply doesn’t support detonating them all in a very short time period like was observed.”
Instead, the explosive material may have been placed into the batteries themselves, Williams said.
Rachel Chason in Jerusalem, Vic Chiang in Taipei, Taiwan, and Meg Kelly, Ellen Nakashima and Sammy Westfall in Washington and contributed to this report.