Reuters news report about Icom radios:
Hezbollah Icom portables exploding in Lebanon?
- Thread starter speedway_navigator
- Start date
Lebanon and Qatar has banned commercial air carriers from flying with HTs and pagers on board. If an amateur is heading to Lebanon, Qatar, or areas served by their national airlines, prudence dictates that you leave your radio gear at home to avoid confiscation and or civil/criminal charges.
paulears
Member
The translation of the word ‘made’ in Japan might bite icom hard because there are a number of icom radios made in China and then as far as I can tell, having their splash screen and firmware inserted in Japan. Some icoms are ‘made’ by having a different rear moulding to another brand fitted so they use a standard battery. I’ve repaired many with the so called fakes as donor radios. There are some fake icoms like the IC-V86 which is poorly made. The IC-V8 and the one in the news are, from the ones I have had, OEM products made I suspect from the parts produced in China and assembled in Japan. The pcbs batteries and chassis are identical but I think the ten year hiatus means the cases are new mouldings because the colour is slightly more dark green? If you open them up and look inside the construction is 100% icom quality, as is the performance.
Ok. I thought I read somewhere that this batch of radios and pagers were ordered and supplied (maybe even made in knockoff factories, or refurbished) around 6 months ago. However this might just be a fabricated memory because I don't remember where I heard that. At the least I suspect custom firmware, and possibly hardware as I have experienced several crappy batteries overheating and they rarely explode with that much force (I did have an HT light on fire once though). Very curious and possibly scary topic indeed
You know you cannot trust them Cheap Chinese Batteries or those Cheap BoFang Copies.
Ubbe
Member
More Electronics Explode In Lebanon As Israel Declares ‘New Phase’ Of War
The detonation of thousands of devices along with other developments may be a precursor to a full-on Israeli military operation against Hezbollah in Lebanon. Another wave of exploding electrical devices has further stoked fears of a full-scale conflict between Israel and Lebanon.www.twz.com
That first picture shows an explosion from the top of the circuit board side but another picture show an explosion at the middle of the radio from the battery side. But if the explosive where placed in a battery it would be too difficult to ignite the explosives. The same with the single AA battery in those pagers.
The other reported explosions, without any pictures or evidence, from solar cell batteries and other devices are probably just misinformation and could be from one single instance of a normal overcharge failure and not really any explosion and could have happened at a different time not related to the incidents in recent days.
Pagers can be programmed with a group call and the Icom V82 can be programmed with a DTMF group call and that specific alert output can be used to trigger a small explosive. Those group calls can be sent on their frequencies from an airplane or drone or a high mountain top. But that also means that Hizbollah didn't program their devices themselves.
That BAC company in Budapest that sold those pagers are a one woman company and are rumored to be run be Israel agents that then had access to the shipment before it where sent to Hizbollah. Maybe those Icom's where also purchased thru that BAC company.
/Ubbe
I’m thinking they went far enough to have custom firmware. The explosion command wasn’t part of the code plug, but was baked into firmware so they did program the radios themselves and there was no way to know about or disable the ‘advanced stun/kill’
Ubbe
Member
It was said that Hizbollah began to suspect foul play with their pagers and was the reason to trigger the explosions now before they where disabled.
It might have been someone that had downloaded the pager program software to replace a broken pager and wanted to move the user ID to another spare pager and looked at the codeplug and discovered a strange group call that wasn't ordered to be included in their programming and they started to investigate the reason for this. I can't think of any other reason why they would suspect that the pagers where not legit.
/Ubbe
That or they just heard a lot of rumors or some emails/phone calls got found or something. I hope we get some articles about the technical side and backstory of this eventually.
nd5y
Member
Keep an eye on twz.
How Israel Turned Hezbollah’s Pagers Into Exploding Trojan Horses
It's becoming clear that Israel executed a highly complex, years-long espionage operation unlike any we have seen before to weaponize Hezbollah's communications against them. It's becoming clear that Israel executed a highly complex, years-long espionage operation unlike any we have seen before...
www.twz.com
KD7RJC
Member
- Joined
- Jun 22, 2023
- Messages
- 101
I used to work for a company that had been a pager company before they migrated to making software and systems for other paging companies. Hell, I still have their transmitter when they folded and told 21 year old me to take whatever I wanted as we were shutting down the company.
That paging transmitter is in the 460MHz range, I couldn't tell you the exact frequency without going to look at the label, but in a nutshell all of the subscribers' pagers would be listening to that frequency, and when a page would be received they'd compare it to their subscriber settings and either store and notify the subscriber they had a page, or more likely than not would see that the page wasn't for their subscriber and just discard it. Every page was received kind of like how old hub-ethernet or coaxial ethernet worked. Basically the client would see all, but would only share to the network stack the traffic intended for the recipient.
What I expect they did was to doctor this subroutine, so in addition to listening for the subscriber's ID, they'd listen for another particular ID as well, and on receiving it, would enter a new subroutine that would evaluate the message payload associated with it and do something accordingly. After that, they would need to have physically doctored the devices so that the 1.5V battery could charge the detonator (probably something like how charging a camera flash works) before activating the detonator.
Most likely the alternate identity is for a real pager on that carrier network, just some number that was signed-up for as a subscriber. Rather than paging the individual pagers separately, just page to the number set up in the subroutine, which to the pager system is a perfectly valid subscriber, which causes all of the pagers in range and powered on to activate.
I had theorized that the radios were listening on the same exact frequency as the pagers, and if they were modern radios with an internal TNC then they would just interpret the digital data same as a pager would. They might be then listening to a different subscriber number so they could be separately activated, but it sounds like genuine Icom VC82 are not 70cm. So this could be a clone/fake that might well look like a simple 2m HT and function as a 2m HT, but could actually be a dual-band radio that is listening to the pager frequency and set to do its thing when the right page comes in, or it could be that these are legitimate Icom radios that aren't doctored at all, and the attack wasn't due to the radios, but due to the batteries.
If the batteries were the culprit then in a multi-cell battery, perhaps one of the cells was basically a pager, again, listening for a page to come in and activate the device. The damage in some of the pictures looks like it's predominantly from the batteries, with more incidental damage to the radios themselves rather than the explosions originating from inside the radios.
So it would not surprise me if a replacement cell wasn't a cell at all, and was instead a receiver that uses the very same method that the pagers used.
RFI-EMI-GUY
Member
- Joined
- Dec 22, 2013
- Messages
- 7,252
I gotta agree. In the case of the pagers, it sounds like they were tampered with by the shell company in which case they had a range of options. A battery that is an explosive and receives a signal via induction from the pager perhaps. Or a very small explosive buried on the PCB. Probably far easier in the case of the ICOM portables to introduce tampered replacement batteries into the supply chain. The buyers could have been easily deceived by a "low bidder". Putting a live receiver into the battery along with explosive would not be difficult and would be assured charging power. If they were exploiting the paging system as the trigger, programming a second or third POCSAG cap code for the nefarious purpose would be the way to go. However those are programmed by the paging system administrator, so would require someone with access, unless the administrator was very careless in leaving live DID codes vacant. Or it could just be a specific coded message in the CAP code of the target pager or pager group code. Also simple enough to fly a plane or drone overhead to mimic the UHF POCSAG signals.
KD7RJC
Member
- Joined
- Jun 22, 2023
- Messages
- 101
I expect that they simply bought a handful of pages from the services available in the country and extracted the necessary information. Or they bribed clerks for access to the new pager registration system to get that info.
As for the comments on multiple waves of detonations, that could either be due to multiple paging carriers and having to stage one the the next, or due to psychological warfare, target thinks they're safe since theirs didn't go off on prior round so it must not be compromised.
Or simply having multiple options in their doctored devices for how to initiate.
For pagers I expect that the explosive was in the pager housing, every pager I ever had used a 1.5V AA or AAA battery.
RFI-EMI-GUY
Member
- Joined
- Dec 22, 2013
- Messages
- 7,252
What I can't figure out is why the Gold Pager is so chunky. It is abnormally large. Plus in one of the post explosion pictures a broken USB cable was shown. Was that the charging cord? Or was there some special function, for example encryption in the pagers.
Ubbe
Member
One picture said it was an exploded pager when it clearly where some Icom plastic parts and the plastic casing from a power adapter for a charger with its cables cut. Some pictures had been posted on the internet many years ago so where not related to this incident but where anyhow used to throw fuel on the fire. There's lots of misinformation now.
Pagers has at least 4 different cap codes and one can be used as a group call for all pagers and the Icom radio also had a group call function. As a pager transmitter only keys up when to send a page and the Icom are probably used as a simplex radio or thru a repeater that only key up when needed, it will be easy to have a low power transmitter of your own that could easily cover the whole area if it where high up in the sky.
It's a rugged military spec pager and are more bulky than standard pagers. It's battery are charged from a USB-C cable. It's water resistant and if it's opened up it probably would need some seals replaced, so probably not something Hizbollah would do. Why would anyone open up a shipment from a factory, voiding the warranty, to have a look inside. Explosives can be disguised as a el-lyt capacitor and wouldn't anyhow be suspicious. They must have pagers and Icom radios that where powered off so can easily be dissected to know exactly have the attack where done.
/Ubbe
Pagers has at least 4 different cap codes and one can be used as a group call for all pagers and the Icom radio also had a group call function. As a pager transmitter only keys up when to send a page and the Icom are probably used as a simplex radio or thru a repeater that only key up when needed, it will be easy to have a low power transmitter of your own that could easily cover the whole area if it where high up in the sky.
It's a rugged military spec pager and are more bulky than standard pagers. It's battery are charged from a USB-C cable. It's water resistant and if it's opened up it probably would need some seals replaced, so probably not something Hizbollah would do. Why would anyone open up a shipment from a factory, voiding the warranty, to have a look inside. Explosives can be disguised as a el-lyt capacitor and wouldn't anyhow be suspicious. They must have pagers and Icom radios that where powered off so can easily be dissected to know exactly have the attack where done.
/Ubbe
robertwbob
KE0WRU
darn you guys sound like the cold war days banter. we survived that.
it might be like hauling chocolate candy creamfilled with cherry in each 1 going across I70 west of denver. ya know they will explode in that altitude
it might be like hauling chocolate candy creamfilled with cherry in each 1 going across I70 west of denver. ya know they will explode in that altitude
I think what Israel did is f'ing genius. Hezbollah was so paranoid with the phone intercepts and tracking being used to target them that they went to pagers and radios for comms. Intercept the shipments, install explosives with an activation mechanism and now they are throwing out baby monitors. Take out their communications and they can't organize as easily. And of course kill and injure as many terrorists as you can. I'll drink to that.
