Learning from Pager Blasts in Lebanon
Dr Faruk Kazi
PhD-IIT Bombay, AICTE Visvesvaraya National Best Teacher Award 2020, Schneider Wall of Thanks- 2021 & 2024, Siemens Research Grant, Advisor USAID-SAREP
The #Lebanon #Pager blast is an interesting case study for researchers working in the domain of Cyber-Physical Systems (#CPS) security. This incident marks the completion of the integration of cyber warfare into kinetic warfare, a process that began with an earlier, similar incident, #Stuxnet. Although a lot has happened between these two incidents, the most prominent and noticeable change is that the threat actors behind such cyber-attacks have shifted from thrill-seeking script kiddies to nation-state actors. The geopolitical scenarios in the Middle East and elsewhere in the world are only going to increase such incidents, making cyber warfare more deadly.
What do we know so far about this incident? Why pagers?
More than 11 people died and 4000+ were injured (around 400 in critical condition in ICU) when thousands of pagers were detonated across Lebanon in a span of a few hours. A lot of 5000 pagers was purchased by Hezbollah, reportedly from a Taiwan-based company, to avoid possible surveillance and infiltration of the mobile network. Unlike smartphones, pagers don't have a GPS module, hence it's difficult to find their location by triangulation. A pager also allows only one-way communication and is suitable for receiving broadcast messages.
What are the possible causes?
From the preliminary reports and the evidence of the blasts appearing in videos circulating on social media, this seems to be a classical cyber-physical attack. It is not purely a cyber attack. It involves supply chain contamination leading to tweaking of the battery chemistry. Although it is possible for malicious code to increase the compute load, raising the temperature and causing a fire, the videos clearly contradict this. Further, the processor used in a pager is much more computationally constrained than that of a smartphone. Also, an increase in temperature can't be so sudden that it goes unnoticed by the user of the pager. The videos clearly show a blast with a massive sound. This indicates that there was some explosive in the pager battery. Lithium-ion technology has a reasonably stable chemistry compared to other storage chemistries like lead-acid. There are a few incidents of "thermal runaway" where lithium-based batteries catch fire. But such fires are often characterised by smoke, and the process takes a couple of minutes. The videos clearly show this blast to be instantaneous, with a cracking sound. Hence this appears to be a supply chain contamination where the chemistry was altered by adding some explosive component, which was later triggered by some malicious code or a message.
What Next?
This incident is an eye-opener. The attack vector demonstrated by this incident has many potential use cases, as battery storage is inevitable in almost all devices. This includes mobiles, laptops, wearable devices, EVs, etc. Also, large-scale battery storage deployments are planned for grid stability, renewable integration of intermittent sources and Green Hydrogen. Although the current incident has more injuries than casualties, this is even more impactful on the battlefield, as one injured soldier essentially needs 4 other soldiers to take him/her to base.
This incident paints a very scary scenario. We need to ensure full control over the supply chain and need to focus on building indigenous capabilities in detecting hardware and software Trojans.
Currently Professor@ Pillai College of Engineering | Electrical and Computer Engineer @ Bhabha Atomic Research Centre (BARC) | PhD | Safety-Critical Systems | Author
1 month ago
Thank you Dr. Faruk for this logical analysis and pointing out its dangerous ramifications. When states get involved in cyber attack it is impossible to prevent it. I can imagine the horror if a state producing phones with such batteries wants to keep its enemy state(s) always under threat just by creating a fear that millions of such devices can be detonated at its will.
Head, Department of Electronics & Computer Science, Pillai College of Engineering
1 month ago
Very well articulated Sir!!
Insightful Dr Faruk Kazi… How do we evaluate the role of chips in cyber-physical systems within supply chains? Which is a more critical factor in this cybersecurity of cyber physical system context: the battery acting as an explosive device or the chips functioning as the detonating mechanism?
Product Security | Cybersecurity Architecture | Risk Management | Industrial Cybersecurity | IT | Manufacturing | IIoT | IoT | Graduate Student
2 months ago
Good article Dr. Kazi. There is a lot to understand with this attack and we can only speculate without a thorough investigation (like with any attack), but as you point out the attack appears to have both cyber and physical elements.
Senior Accountant at Rabiah Technology
2 months ago
Interesting