Threats Beyond Pagers: Do Hezbollah Explosions Reveal the Flaws of Modern Gadgets Like Phones, Smartwatches, and Medical Devices?

Recent explosions in Lebanon, allegedly caused by explosive-packed pagers used by Hezbollah, have raised concerns about broader security threats to everyday devices like smartwatches, earphones and medical devices like pacemakers. According to a Reuters report, the Israeli Mossad likely planted explosives in pagers ordered by Hezbollah, causing nine deaths and thousands of injuries. The revelations have prompted a deeper discussion about how vulnerable other modern gadgets might be to manipulation. Here’s what cybersecurity experts have to say.

Saket Modi, co-founder and CEO of Safe Security, explained that while pagers were the target in this case, other devices such as smartwatches, earphones and medical equipment could be susceptible to similar vulnerabilities. However, the scale of such attacks is likely to be limited due to the nature of the technology.

“Yes, pacemakers and insulin pumps have been identified as vulnerable not to explosions but to attacking Bluetooth Low Energy (BLE) telemetry services to disrupt the normal functioning of these medical devices,” Modi said. “However, most of these devices have short-range connectivity — except for smartwatches — and therefore, there is a high probability of being exploited at close range and it cannot be done on a large scale. Targeted attack, yes, but on a large scale, no.”

This raises concerns about devices that rely on wireless connectivity, especially as the Internet of Things (IoT) expands to include more and more consumer and medical devices.

Vineet Kumar, founder and global chairman of the CyberPeace Foundation, expanded on the broader risks associated with the growing prevalence of IoT devices, noting that these devices, from smartphones and earbuds to medical devices like pacemakers, are becoming an integral part of everyday life but pose significant security risks if tampered with.

“Medical devices and devices are also susceptible. In fact, the Internet of Things (IoT) is all around us, and IoT devices are everywhere,” Kumar said. “Devices like smartphones, earphones, and even medical devices like pacemakers use batteries and other electronic components that can be modified to contain malicious payloads.”

Kumar stressed that pacemakers are particularly risky targets because of their vital role in controlling basic bodily functions. He cited a notable case from 2012, when the US vice president was allegedly attacked via his pacemaker, underscoring the potential for remote hacking of life-saving devices.

“There have already been warnings about the possibility of remote hacking of pacemakers,” he said. “While this is typically related to data or performance manipulation, the inclusion of physical threats, such as explosives manipulation, is possible if the supply chain is infiltrated.”

Nandakishore Harikumar, CEO and founder of Technisanct, also stressed the importance of supply chain security, especially when it comes to medical devices. He noted that while pager-like vulnerabilities can exist in wearables and pacemakers, tighter controls on medical devices could reduce the likelihood of such tampering going undetected.

“Wearable devices and pacemakers could be subject to similar vulnerabilities, especially if they come from unregulated supply chains,” Harikumar said. “However, due to their life-critical nature, medical devices like pacemakers are subject to more stringent controls, reducing the risk that such manipulations will go undetected.”

The emphasis on supply chain security is critical given the growing complexity of connected devices and the increasing number of components that can potentially be modified or manipulated.

One question that arises is how tamper detection works in more advanced devices, such as smartphones, which can be equally vulnerable to similar attacks. According to Saket Modi, some smartphone manufacturers have implemented tamper detection mechanisms to protect against unauthorized modifications.

“Some smartphone manufacturers have implemented tamper detection where if a counterfeit component is placed in the device, a warning message is displayed,” Modi explained. “For example, if a counterfeit battery is used in an iPhone, a notification is displayed for a few days and then a warning is displayed on the battery status page.”

He also pointed out that more advanced measures, such as secure boot controls used in devices like the Apple iPhone and Google Pixel, prevent the phone’s operating system from loading if the firmware has been compromised. “This could explain why the explosive device inside the pager was detonated after receiving a specific message,” Modi added.

Modi cautioned, however, that not all manufacturers have such robust tamper detection. “Not all manufacturers have adequate tamper detection controls, so the risk is still there,” he warned.

The Hezbollah pager explosions have exposed the importance of securing supply chains, especially for devices that play a critical role in personal health and safety. If tampering can occur at the manufacturing stage, as is likely the case with the Hezbollah pagers, the consequences could be catastrophic for other high-risk devices, including medical implants and wearable technology.

“The inclusion of physical threats, such as explosives, is a possibility if the supply chain is compromised,” Vineet Kumar reiterated. Experts agree that with the continued proliferation of IoT devices, ensuring the security of these supply chains is becoming more important than ever.