Evaluating the incident where Israel detonated Hezbollah's pagers with a signal via a cyber attack, resulting in numerous deaths and thousands of injuries, Cybersecurity Expert Dr. Ahmet Şenol, Faculty Member, said, 'Citizens do not need to worry 'can my mobile phone be detonated?' based on this incident. They can continue their normal use.'
Cybersecurity Expert Dr. Ahmet Şenol also stated that as a state, every type of device supplied to security personnel, including communication devices, must be strictly controlled. He said, 'We know that mobile phones are used as a means of communication in some operations. Extreme vigilance is required, and necessary controls must be carried out at every stage of the supply chain. This incident has highlighted the importance of checking the interior of devices, especially when national security is concerned.'
Dr. Ahmet Şenol, Faculty Member at Üsküdar Üniversitesi, Faculty of Engineering and Natural Sciences, and Head of the Cybersecurity Master's Program, evaluated the incident where Israel detonated Hezbollah's pagers with a signal via a cyber attack, resulting in numerous deaths and thousands of injuries.
Pagers perform text communication, they have no camera, microphone, or audio input!
Dr. Ahmet Şenol explained that these devices, as far as is known, are pagers, also known as Pager or Beeper in English, and are technologies used in the 1980s before mobile phones and GSM. He said, 'Their main feature is text communication; they have no camera, microphone, or audio input. Pagers are still used by some healthcare personnel today. The reason for this is their very long battery life, very fast message transmission, and not being affected by the density of GSM lines. Pagers communicate via radio waves with stations that have a coverage area of 8 to 16 kilometers in cities and 8 to 80 kilometers in rural areas. They communicate in the high-frequency band (VHF, UHF).'
Mobile phones banned, pagers adopted...
'It was learned a few months ago that Hezbollah completely banned mobile phones and instructed a switch to pagers. It was understood that this was an attempt to take precautions against the possibility of Israel remotely listening to or interfering with mobile phones,' said Dr. Şenol, continuing:
'There is a concept known as 'attack surface' in Cybersecurity. The more complex a device is, and the more software loaded on it, the wider its attack surface becomes. In this respect, pagers are devices with a low attack surface.
However, if there is a vulnerability in the device's embedded software, or if the company manufacturing the pager left a backdoor for remote loading or updates, Israel or Mossad could use this backdoor to modify the device's embedded software and detonate its battery. But even in this case, there are few examples of a device's battery being detonated by sending a remote software command. Battery burning or explosion incidents we see on the Internet generally occur due to physical contact with the device or battery, or a short circuit.'
An incident beyond battery explosion…
Dr. Ahmet Şenol noted that the biggest example of physical damage caused by remote software is the activation of malware on USB sticks left at Iran's nuclear facility when plugged into the facility's computers. He stated, 'The incident known as Stuxnet is also an incident where computers managing the system sent commands to centrifuges, leading to overheating and explosion. However, in the Stuxnet incident, there was a computer controlling the heat system, like the centrifuges in a nuclear reactor. In a normal pager, at most, the battery burns, which causes only minor skin irritation. The explosions in the two example videos of the incident in question do not resemble a battery explosion and burning. There are people with severed fingers, ruptured lungs, stomachs, and faces. The belief that this is an incident surpassing a battery explosion is strong.'
Mossad's hand touched the devices somewhere in the supply chain...
Dr. Ahmet Şenol provided the following information:
'The current prevailing view is that the explosions were not battery explosions but rather plastic explosive devices ranging from 5 to 15 grams. There are rumors that the pagers were manufactured in China. Due to the embargo, such devices do not directly enter Lebanon. The current prevalent view is that Mossad's hand touched the devices somewhere in the supply chain, plastic explosive devices were placed inside them, and when a specific message consisting of alphanumeric characters was sent, the device beeped as if a message had arrived, and the explosion occurred very shortly thereafter. I also agree with this view.'
Citizens do not need to worry 'can my mobile phone be detonated?'
Dr. Ahmet Şenol stated that in known battery explosions and burnings, at most, skin irritation has occurred so far, and perhaps eardrum damage if one was talking on the phone at that moment. He noted the following:
'However, based on this incident, citizens do not need to worry 'can my mobile phone be detonated?'. They can continue their normal use. As individuals, for our health, we should not put our mobile phones right next to our beds and sleep. Of course, a device with a camera and microphone, connected to the internet, can be listened to; we should not forget this. This part actually concerns important politicians, businessmen, opinion leaders, and people with the potential to influence society more.'
'As a state, every type of device supplied to security personnel, including communication devices, must be strictly controlled. We know that mobile phones are used as a means of communication in some operations. Extreme vigilance is required, and necessary controls must be carried out at every stage of the supply chain. This incident has highlighted the importance of checking the interior of devices, especially when national security is concerned. This latest attack has entered the literature as a new type of attack. Of course, this incident also emphasizes the importance of using hardware and software developed with our own resources and designed with security elements, particularly in matters of security.'
The country's cybersecurity is a much broader issue
Emphasizing that the country's cybersecurity is a much broader issue, independent of this incident, Dr. Ahmet Şenol concluded by saying, 'Policies should be developed by considering the electricity system infrastructure, internet backbone, communication systems, and end devices all together. The entire country should be considered, and cybersecurity awareness should be instilled in individuals, institutions, and companies.'