The microcontrollers inside the pagers probably have a spare GPIO pin, so they'd just have to modify the software and attach the detonating electronics to that gpio pin.

Since i'm supposedly "posting too fast", to answer the post below:

> Just curious, is it possible to program the pins so that it triggers by wireless or satellite command? With that scale I don't think wireless is possible though.

Technically it is, but requires additional electronics and antennas. It's much easier to just use the existing pager network and trigger when some specific message (or pager code) is detected. Paging networks are simple to implement.

It seems pretty plausible that the actual supply chain attack here would have been Israel subbing out whole shipping crates of pagers for sabotaged devices Israel manufactured itself, which would allow for arbitrary complex designs.

Maybe they bought a large quantity of pagers from the same supplier and modified beforehand? I think a few grams of high explosives is good enough.

Just curious, is it possible to program the pins so that it triggers by wireless or satellite command? With that scale I don't think wireless is possible though.

the pager is already wireless. So adding functionality to trigger wirelessly (over the phone network) is trivial. And it can trigger only with a special message.

Yeah you are probably right. I'm an electronics newbie and don't know exactly how pagers work in wireless. I'm going to read some material on it.

Thanks, I wonder how does one do that. I'll probably need to read how pagers work.

My best guess is explosively formed penetrator in the display.

I don’t think wholesale replacement of the pagers was likely to work for a number of reasons.

They had to go one step up the supply chain.

The EFP display could be set to trigger on a certain message, or even the clearing of a certain message, which in devices without said display would do nothing.

The display is most likely to be pointed at the user’s face, or opposed to their waistline (EFPs sort of fire both ways but in one axis.

The battery, if it were a cylinder as would be likely, would fire tangentially, likely not hitting much.

A prismatic battery would make a good place for an EFP but difficult to interface with and likely requires a second compromised component.

Theory: A prismatic battery with an explosive core and an electronic fuse swapped to trigger the explosive instead of disconnect the battery. Firmware change to short the battery. No visible signs of tampering even in iFixit like conditions.

The best evidence we have now suggests that the devices used had removable (AAA) batteries, not built-in batteries.

If I was buying pagers and had previously been hit by intelligence ops I would be buying batteries in random supermarkets.

I'm looking at pager teardowns and there's nothing even close to the volume of the battery in there. Big transistor and the speaker housing.

Which sort of leans back toward the theory that nobody checked the pagers at all.

15g of explosives is sufficient, probably, based on the analysis I’ve seen.

15g of explosives is not very big.

The speaker is another potential home, that is a good point. Big cone and heavy magnetics.

This display weighs 15g, and uses cheap glass and old liquid crystal: https://www.crystalfontz.com/product/cfag12864u3nfhe11-128x6...

Would someone be able to make one that worked but weighed eg five grams, then fill the rest with explosive? Would anyone be able to discern that the back of the glass wasn’t liquid crystal but explosive, especially as they are usually taped over?

What would happen if you walked through airport security with such a device?

Nothing, they aren’t looking for 2”x1” sheets of copper within electronic devices, and presumably the thin layer of explosives would be sealed and washed.

Might be a hardcoded date and time. Does the legit pager messaging network give the time? If not, continually powered digital clocks drift slowly.