<b>Live updates: Follow the latest on </b><a href="https://www.thenationalnews.com/news/mena/2024/08/21/live-israel-gaza-war-ceasefire/" target="_blank"><b>Israel-Gaza</b></a> Lebanon is reeling from deadly attacks that saw handheld communication devices detonate on Wednesday and thousands of pagers simultaneously explode to <a href="https://www.thenationalnews.com/news/mena/2024/09/18/pager-explosions-lebanon/" target="_blank">kill 12 people, including two children, and injure nearly 3,000 </a>the day before. Afterwards, concern grows over whether consumer electronics can be used to inflict physical harm on unsuspecting people. The short answer is, yes, it can be done – but the methods to actually do this are complex. Without physical contact with the device, it is difficult to access the firmware – the software that manages the hardware – needed to manipulate physical parts such as a battery to make it overheat and possibly ignite. Pagers, devices that can receive alphanumeric messages, were popular in the 1990s. While official verification of whether Israeli officials accessed Hezbollah pagers physically or accessed them en masse remotely is yet to be confirmed, Tuesday's attack shows that perpetrators are skilled enough to tap into older technology. This also raises questions about how much more damage can be done, particularly with higher-powered modern equipment. Today, devices ranging from laptops to thermostats can be hacked remotely. Printers, for example, can have their ink heated enough to burn the paper inside them, or vehicle systems could be compromised to disable parts such as brakes. US consultancy <a href="https://www.thenationalnews.com/business/technology/2021/07/27/cyber-criminals-will-weaponise-operational-technology-environments-to-harm-humans-by-2025/" target="_blank">Gartner in 2021 warned</a> that cyber criminals would use operational technology environments to harm or kill humans in the next four years. “In all these devices, there's a tiny, little computer there … [pagers] are kind of slow, but they're still computers,” Robert Graham, chief executive of Atlanta-based cyber security company Errata Security, told <i>The National</i>. “So whoever intercepted these would likely write their own software, change the software and put that on the devices, so that they would operate the same." It is very difficult to remotely reprogramme the physical hardware of a battery to overheat to cause an explosion, Mr Graham said, and a phone battery would need to be fully charged to cause damage if triggered. Smartphones, the most popular consumer electronic devices, are obvious candidates for an attack, but they are a costly option for potential attackers due to stringent measures taken by their makers. Advanced technology has also contributed to preventing remote access, particularly within the top tier of smartphones from Apple and Google. Apps on devices from Samsung Electronics and Huawei Technologies “are known to often have a lot more bugs” than those from Apple and Google, Mr Graham said. Mohamed Belarbi, chief executive of Abu Dhabi-based cyber security firm Cypherleak, agrees: the cost of hacking a well-made and secured device could be astronomical. “When it comes to firmware, you need a lot of technical background and skills,” he told <i>The National</i>. You would have to be “able to bypass the security safeguards that are built in by the manufacturers. "We've seen this before where the cost of hacking into an Apple iPhone could cost millions of dollars – now imagine multiplying that to access something as critical and as dangerous as blowing up a pager or blowing up a turbine.” Yet for less protected or more flawed systems, everyday items can be used to hack into your devices. There is the humble data and power cable that can be bought on any e-commerce site such as Amazon, the most popular of which today is the USB-C. This simple connection has the ability to severely compromise a device. “These things are becoming so sophisticated that today you can buy on the internet a USB-C cable that has a little computer embedded in the head of the cable,” Mr Belarbi said. This device can manipulate the physical components of technology to a desired, and in many cases malicious, effect. In the US, <a href="https://www.thenationalnews.com/business/technology/2023/04/11/fbi-warns-against-using-public-charging-stations-due-to-malware-and-juice-jacking-risk/" target="_blank">the FBI last year warned against using public charging points</a> for electronic devices, saying they can be a gateway for cyber criminals. Charging stations in public spaces, including malls, hotels, restaurants and parks, have paved the way for “juice jacking”, which simply means using a USB connection to compromise a device. “The moment you start using it to charge, the hacker is able to access your phone and to gather data. And this is quite common,” Mr Belarbi added. Where technology is manufactured and who is involved in the supply chain can be risk factors, particularly in today's more globalised environment. For example, a lot of devices and their parts are sourced from China, which means there is a chance that the state or its actors might intervene, similar to the US government's backdoor access to online platforms, he said. “I think it's just an inherent risk that we have to live with and [have to] determine what are we comfortable with and what are we not comfortable with.” Another question that has been asked is why attacks using technology have not been seen in Gaza. One answer is that because a lot of the technology in Gaza is locally made, it is less accessible. “They're able to communicate without interference from outside operators or actors,” Mr Belarbi said, unlike in the case of Israel's attack on Hezbollah, where radio waves could have been used to cause temporary interference. “So you always see … the benefit, pros and cons of having your own technology. Yes, in terms of maturity and advancement, it might not catch up with whatever is out there commercially, but it definitely allows you to avoid a lot of the issues associated with technology tampering,” he added. “There's nothing you can do if a phone or device has been tampered with at the manufacturer or supply chain level before it reaches you,” Mr Belarbi said. “Because even if you open an iPhone or a Samsung, you wouldn't be able to tell.” Manufacturers, especially the biggest ones, ensure a strict ecosystem in the components of their devices – but not all firms are built equally. “We have companies that are ahead of the curve – Apple and Google ,” Mr Graham said. “Most electronic devices are behind the curve, and we can probably find the bug pretty easily, whereas Apple and Android are very, very tough.” But the Lebanon incident also goes beyond being a wake-up call – it's a “stark reminder that our approach to supply-chain security needs a complete overhaul”, Andreas Hassellof, chief executive of Dubai-based technology company Ombori, told <i>The National</i>. “We're facing a new breed of threats that blur the lines between digital and physical vulnerabilities,” he said, noting the previous advanced supply chain attacks on SolarWinds, NotPetya and SuperMicro. “The message is clear: adapt or become a target. Organisations clinging to outdated security models aren't just falling behind – they're inviting disaster.”
