Analysis: The Lebanon explosions – A wake-up call for tech firms?

Analysis: The Lebanon explosions – A wake-up call for tech firms?

Lebanon on map

The recent explosions in Lebanon involving handheld walkie-talkies, pagers, and other wireless communication devices have shaken the region, killing at least 37 people and injuring over 3,000.

While Hezbollah blames Israel for the coordinated attacks, the scale and sophistication of the blasts have prompted deeper questions about the security of supply chains for electronic devices.

Subscribe today for free


This event underscores the critical intersection between physical security, cyber threats, and modern warfare, according to Tom Exelby, head of cyber at Red Helix.

Exelby, who has a distinguished 15-year military career, including work in bomb disposal, emphasises that the complexity of the Lebanon attacks suggests involvement beyond traditional criminal groups.

He told Capacity: "This event demonstrates a level of sophistication unlikely to be achievable, on this scale, by a non-state actor."

The precision and scale point to state or state-sponsored involvement rather than cybercriminals, who typically focus on extortion, ransomware, or identity theft.

Thousands of pagers, potentially packed with explosives, were used in the attacks, leading Exelby to suggest that the supply chain of these devices was likely compromised.

He notes that the bulk ordering of these devices to known addresses hints at a well-orchestrated plan targeting specific entities. This signals a broader issue: when supply chains are infiltrated, even seemingly harmless electronic devices can be weaponised.

The attack highlights a crucial but often overlooked vulnerability: the supply chain. Exelby suggests that if the attackers had compromised the supply chain of pagers, they could have just as easily done so with more advanced technology, like smartphones.

However, he adds that it is unlikely attackers would use smartphones, given the challenge of targeting individuals through publicly available retail channels. Nevertheless, this possibility should act as a wake-up call for tech manufacturers.

In Exelby’s words: "Organisations should treat both physical and cyber security as interconnected when safeguarding electronic devices."

The integration of these two fields is essential in protecting against attacks that exploit physical vulnerabilities alongside digital systems.

Wider implications

The sophistication of this attack serves as a stark reminder to technology firms about the importance of securing their supply chains.

Exelby suggests that manufacturers need to validate the integrity of their supply chains, ensuring all components are sourced from trusted suppliers and remain untampered throughout their lifecycle.

"Tech manufacturers must confirm the security of their supply chain," Exelby emphasises.

This includes not only preventing digital hacks but also ensuring that the physical hardware is protected from tampering.

The takeaway for businesses and governments alike is clear according to Exelby: "They must integrate physical and cyber measures into their security ecosystems.”

"Device hardware must be protected from tampering or malicious use."

RELATED STORIES

Telecom services in Gaza slowly restored as Egypt provides towers at border

Gaza plunged into another internet blackout

Gift this article