The use of pagers and walkie-talkies in several consecutive coordinated explosions in Lebanon has brought into focus the security of global supply chains and their vulnerability to manipulation by governments or other actors.
The use of thousands of electronic devices in the attacks, which were believed to have been orchestrated by Israel as part of an operation against Lebanon’s Hezbollah, raises fears that everyday communications devices could be used as weapons in the future.
For technology companies, the attacks are likely to serve as a stark reminder of the importance of securing their supply chains, and could also damage public trust in technology, industry and supply chain analysts told Al Jazeera.
“Any company that makes or sells physical devices is concerned about the integrity of their supply chain,” said James Grimmelmann, Tessler Family Professor of Digital and Information Law at Cornell Tech and Cornell Law School in the United States.
“They will likely consider additional safeguards and screening to better detect and prevent such practices.”
Although Israel had previously been involved in attacks using manipulated communications devices – including the killing of Hamas bomb maker Yahya Ayyash in 1996 with a cell phone rigged with explosives – the scale of these attacks, in which thousands were detonated simultaneously, was unprecedented.
According to Lebanese authorities, at least 32 people were killed and more than 3,100 injured in the explosions on Tuesday and Wednesday, including Hezbollah members and civilians.
Erosion of public trust
Brian Patrick Green, director of technology ethics at the Markkula Center for Applied Ethics at Santa Clara University in the US, called the attacks a potential turning point for the public’s trust in their electronic devices.
“Thousands of devices were somehow weaponized without anyone noticing. How widespread are these explosive devices? How did the explosives get into the devices or the devices’ supply chains? This attack raises terrifying questions that have never been considered before,” Green said.
Mariarosaria Taddeo, professor of digital ethics and defence technologies at the University of Oxford, said the attacks set a worrying precedent because they were not a supply chain disruption as part of a specific act of sabotage, but a distributed attack with high impact.
“Experts have considered this scenario, but state actors less so. If anything good comes out of this, it will lead to a public debate about supply chain control, strategic autonomy over digital assets and digital sovereignty,” Taddeo said.
While it is not entirely clear how the pagers and walkie-talkies were converted into explosive devices, Lebanese and US authorities told several media outlets that Israeli intelligence had rigged the devices with explosives.
Israel has so far neither commented to confirm nor deny responsibility.
Taiwanese company Gold Apollo, whose brand of pagers was used in the attacks, denied on Wednesday making the deadly devices, saying they were manufactured under license by a company called BAC.
Hsu Ching-kuang, CEO of Gold Apollo, told US radio station NPR that BAC paid his company through a bank account in the Middle East that had been frozen at least once by his company’s Taiwanese bank.
BAC, based in the Hungarian capital Budapest, did not respond to requests for comment.
On Thursday, the New York Times reported, citing three unnamed intelligence officials, that BAC was an Israeli front organization for producing the explosive pagers.
The Japanese radio manufacturer Icom said it had stopped producing the radios allegedly used in the attacks about ten years ago.
“Production was discontinued about ten years ago and our company has not shipped it since then,” Icom said in a statement.
“Production of the batteries needed to operate the main unit has also been stopped, and a hologram seal to distinguish counterfeit products has not been affixed, so it cannot be confirmed whether the product comes from our company.”
Patrick Lin, director of the Ethics + Emerging Sciences Group at California Polytechnic State University (Cal Poly), said there are important questions about where in the supply chain the devices were compromised.
“Does this happen during the manufacturing process, during transportation, or at the system operator level just before the devices are assigned to individuals?” Lin said.
“If this happened during the manufacturing process, other technology manufacturers should be more concerned because the other possibilities are beyond their control. If the pager manufacturer was not a willing accomplice in such a scenario, its operational security was seriously compromised.”
How will technology companies react?
However the devices may have been compromised, the attacks could further accelerate the trend toward technologies “developed within national borders to enable tighter control of supply chain security, whether it’s smartphones, drones, social media apps or whatever,” Lin said.
Milad Haghani, a supply chain expert at the School of Civil and Environmental Engineering at the University of New South Wales in Australia, said he expected a “comprehensive reckoning” that would prompt companies to tighten their supply chain security protocols.
“For technology companies in general, this situation is unprecedented in its scale and many have probably not taken the security of their production processes so seriously before,” Haghani said.
“Many companies may not have been adequately prepared to deal with such threats,” he said, adding that the explosions in Lebanon would lead to a significant intensification of security efforts within organizations.
Smartphone giants such as Apple, Samsung, Huawei, Xiomi and LG are considered less vulnerable to attacks than smaller companies, analysts said, citing reasons including their greater attention to security, the relatively targeted nature of the operation against Hezbollah and the smaller space in their devices to house substances such as explosives.
“There will be curiosity, but their production and supply chains are completely different from those of small companies, including suppliers of counterfeit transmitters and receivers, so there is no reason, at least for now, to believe they could be affected,” said Lukasz Olejnik, visiting lecturer at the Department of War Studies at King’s College London.
“However, large companies may be inclined to highlight the differences in their approaches.”
Others expressed less confidence in the idea that big tech companies are immune to such concerns, citing the fact that the companies rely on smaller suppliers who may be easier targets, or that they have worked with governments to target individuals in less lethal ways, primarily by spying on their communications.
“The Israeli government has already been accused of using the NSO Group’s spyware as essentially a privatized intelligence service, and in fact, just this week Apple withdrew its lawsuit against NSO for fear that its security secrets might be leaked,” Grimmelmann said.
“This is deeply disturbing, and citizens should not allow their governments to literally weaponize consumer technology in this way.”
Apple, Samsung, Huawei, Xiomi and LG did not immediately respond to requests for comment.
Andrew Maynard, a professor at Arizona State University’s (ASU) School for the Future of Innovation in Society, said the attacks would inevitably change the perception of personal electronic devices “from devices that are perfectly safe to devices that could potentially be abused and used to cause serious harm.”
“It wouldn’t surprise me if this led to growing distrust and fear about whether the devices people use every day are safe, and if major companies made serious efforts to assure their customers of this,” Maynard said.
“The attacks have a number of other consequences as well. Before September 17, the idea of using private devices to take out a well-defined group of people was not part of the global zeitgeist. Now it is.”
While Israel’s supporters and critics argue over whether the attacks should be viewed as a targeted strike against military targets or a reckless act that put civilians at risk, the explosions also raise the possibility that other actors could draw inspiration from such tactics.
Haghani said that while it would be difficult for most actors to carry out such attacks, it is important to ensure that “non-state actors, who may have fewer moral boundaries, do not exploit supply chains in this way.”
Maynard, a professor at ASU, said non-state armed groups may view such tactics as a “plausible way to instill fear and advance their goals.”
“In effect, the door has been opened to a new form of terror campaign – one in which individuals are at risk of the device in their pocket – or in the hand of their child – becoming a tool of destruction,” he said.
“The counterargument to that is that it’s probably still extremely expensive and difficult to take, say, a commercially available phone and use it as a weapon. But now that the idea is out there, the possibility of doing that has probably increased.”
