Reuters news report about Icom radios:
Ok. I thought I read somewhere that this batch of radios and pagers were ordered and supplied (maybe even made in knockoff factories, or refurbished) around 6 months ago. However this might just be a fabricated memory because I don't remember where I heard that. At the least I suspect custom firmware, and possibly hardware as I have experienced several crappy batteries overheating and they rarely explode with that much force (I did have an HT light on fire once though). Very curious and possibly scary topic indeedI don't think it was c4 there is no way. It was 2 separate attacks that happened on two different days. For them to send out a tone to explode these radios individually. And if they came loaded with c4 from the factory, as far as the radios go, these radios have been in rotation for a while now. So that would mean they planted the explosives in the factory years ago. The employees at the factories and the supervisors and the border patrol and customs of those countries that the radios had to cross and so many other people who have to have been in on it. From the look of some of these radios only the battery was missing, to be able to plant explosives on them and make them explode outwards towards the battery and not damage the radio is another level.
What kind of worries me is what if they have been able to create some form of tech that they can activate that can cause radios, phones, pagers, or any other electronics to overheat and cause the batteries to explode. Then basically we are all walking around with a bomb in our pockets. Kinda reminds me of that movie the Kingsman with the SIM cards.
More Electronics Explode In Lebanon As Israel Declares ‘New Phase’ Of War
The detonation of thousands of devices along with other developments may be a precursor to a full-on Israeli military operation against Hezbollah in Lebanon. Another wave of exploding electrical devices has further stoked fears of a full-scale conflict between Israel and Lebanon.www.twz.com
I’m thinking they went far enough to have custom firmware. The explosion command wasn’t part of the code plug, but was baked into firmware so they did program the radios themselves and there was no way to know about or disable the ‘advanced stun/kill’That first picture shows an explosion from the top of the circuit board side but another picture show an explosion at the middle of the radio from the battery side. But if the explosive where placed in a battery it would be too difficult to ignite the explosives. The same with the single AA battery in those pagers.
The other reported explosions, without any pictures or evidence, from solar cell batteries and other devices are probably just misinformation and could be from one single instance of a normal overcharge failure and not really any explosion and could have happened at a different time not related to the incidents in recent days.
Pagers can be programmed with a group call and the Icom V82 can be programmed with a DTMF group call and that specific alert output can be used to trigger a small explosive. Those group calls can be sent on their frequencies from an airplane or drone or a high mountain top. But that also means that Hizbollah didn't program their devices themselves.
That BAC company in Budapest that sold those pagers are a one woman company and are rumored to be run be Israel agents that then had access to the shipment before it where sent to Hizbollah. Maybe those Icom's where also purchased thru that BAC company.
/Ubbe
It was said that Hizbollah began to suspect foul play with their pagers and was the reason to trigger the explosions now before they where disabled.I’m thinking they went far enough to have custom firmware. The explosion command wasn’t part of the code plug, but was baked into firmware so they did program the radios themselves and there was no way to know about or disable the ‘advanced stun/kill’
That or they just heard a lot of rumors or some emails/phone calls got found or something. I hope we get some articles about the technical side and backstory of this eventually.It was said that Hizbollah began to suspect foul play with their pagers and was the reason to trigger the explosions now before they where disabled.
It might have been someone that had downloaded the pager program software to replace a broken pager and wanted to move the user ID to another spare pager and looked at the codeplug and discovered a strange group call that wasn't ordered to be included in their programming and they started to investigate the reason for this. I can't think of any other reason why they would suspect that the pagers where not legit.
/Ubbe
Keep an eye on twz.I hope we get some articles about the technical side and backstory of this eventually.
I used to work for a company that had been a pager company before they migrated to making software and systems for other paging companies. Hell, I still have their transmitter when they folded and told 21 year old me to take whatever I wanted as we were shutting down the company.After having read all these ideas, I understand a somewhat logical reason for all the pagers going off, but I am having a problem with the radios..were these radios turned on or off at the time since this could affect the possible detonation source unless there was a very small timer and explosives in each radio. Obviously limited space to add much to them. Wonder if the radios were working normally up to the explosion.
I gotta agree. In the case of the pagers, it sounds like they were tampered with by the shell company in which case they had a range of options. A battery that is an explosive and receives a signal via induction from the pager perhaps. Or a very small explosive buried on the PCB. Probably far easier in the case of the ICOM portables to introduce tampered replacement batteries into the supply chain. The buyers could have been easily deceived by a "low bidder". Putting a live receiver into the battery along with explosive would not be difficult and would be assured charging power. If they were exploiting the paging system as the trigger, programming a second or third POCSAG cap code for the nefarious purpose would be the way to go. However those are programmed by the paging system administrator, so would require someone with access, unless the administrator was very careless in leaving live DID codes vacant. Or it could just be a specific coded message in the CAP code of the target pager or pager group code. Also simple enough to fly a plane or drone overhead to mimic the UHF POCSAG signals.I used to work for a company that had been a pager company before they migrated to making software and systems for other paging companies. Hell, I still have their transmitter when they folded and told 21 year old me to take whatever I wanted as we were shutting down the company.
That paging transmitter is in the 460MHz range, I couldn't tell you the exact frequency without going to look at the label, but in a nutshell all of the subscribers' pagers would be listening to that frequency, and when a page would be received they'd compare it to their subscriber settings and either store and notify the subscriber they had a page, or more likely than not would see that the page wasn't for their subscriber and just discard it. Every page was received kind of like how old hub-ethernet or coaxial ethernet worked. Basically the client would see all, but would only share to the network stack the traffic intended for the recipient.
What I expect they did was to doctor this subroutine, so in addition to listening for the subscriber's ID, they'd listen for another particular ID as well, and on receiving it, would enter a new subroutine that would evaluate the message payload associated with it and do something accordingly. After that, they would need to have physically doctored the devices so that the 1.5V battery could charge the detonator (probably something like how charging a camera flash works) before activating the detonator.
Most likely the alternate identity is for a real pager on that carrier network, just some number that was signed-up for as a subscriber. Rather than paging the individual pagers separately, just page to the number set up in the subroutine, which to the pager system is a perfectly valid subscriber, which causes all of the pagers in range and powered on to activate.
I had theorized that the radios were listening on the same exact frequency as the pagers, and if they were modern radios with an internal TNC then they would just interpret the digital data same as a pager would. They might be then listening to a different subscriber number so they could be separately activated, but it sounds like genuine Icom VC82 are not 70cm. So this could be a clone/fake that might well look like a simple 2m HT and function as a 2m HT, but could actually be a dual-band radio that is listening to the pager frequency and set to do its thing when the right page comes in, or it could be that these are legitimate Icom radios that aren't doctored at all, and the attack wasn't due to the radios, but due to the batteries.
If the batteries were the culprit then in a multi-cell battery, perhaps one of the cells was basically a pager, again, listening for a page to come in and activate the device. The damage in some of the pictures looks like it's predominantly from the batteries, with more incidental damage to the radios themselves rather than the explosions originating from inside the radios.
So it would not surprise me if a replacement cell wasn't a cell at all, and was instead a receiver that uses the very same method that the pagers used.
I expect that they simply bought a handful of pages from the services available in the country and extracted the necessary information. Or they bribed clerks for access to the new pager registration system to get that info.I gotta agree. In the case of the pagers, it sounds like they were tampered with by the shell company in which case they had a range of options. A battery that is an explosive and receives a signal via induction from the pager perhaps. Or a very small explosive buried on the PCB. Probably far easier in the case of the ICOM portables to introduce tampered replacement batteries into the supply chain. The buyers could have been easily deceived by a "low bidder". Putting a live receiver into the battery along with explosive would not be difficult and would be assured charging power. If they were exploiting the paging system as the trigger, programming a second or third POCSAG cap code for the nefarious purpose would be the way to go. However those are programmed by the paging system administrator, so would require someone with access, unless the administrator was very careless in leaving live DID codes vacant. Or it could just be a specific coded message in the CAP code of the target pager or pager group code. Also simple enough to fly a plane or drone overhead to mimic the UHF POCSAG signals.
What I can't figure out is why the Gold Pager is so chunky. It is abnormally large. Plus in one of the post explosion pictures a broken USB cable was shown. Was that the charging cord? Or was there some special function, for example encryption in the pagers.I expect that they simply bought a handful of pages from the services available in the country and extracted the necessary information. Or they bribed clerks for access to the new pager registration system to get that info.
As for the comments on multiple waves of detonations, that could either be due to multiple paging carriers and having to stage one the the next, or due to psychological warfare, target thinks they're safe since theirs didn't go off on prior round so it must not be compromised.
Or simply having multiple options in their doctored devices for how to initiate.
For pagers I expect that the explosive was in the pager housing, every pager I ever had used a 1.5V AA or AAA battery.