The recent reports of mysterious explosions of communication devices held by Hezbollah operatives have sparked significant interest in the Israeli cyber industry, prompting questions like "Is it possible to remotely control communication devices through cyber means?" and "What are the implications of such an event?"
Magen Margalit, Digital VP at CodeValue software house, explains that the feasibility of such an operation stems from the fact that communication systems have become more advanced and digital. "In the past, communication systems were analog, making it difficult to penetrate their content. Today, advanced communication systems operate on multiple frequencies and some are based on internal wireless and cellular networks. This creates more vulnerabilities and entry points - and when you penetrate the communication network, you can reach all endpoints - that is, the communication devices themselves."
The next stage, according to Margalit, is remote control of the endpoints. "Usually, the goal of penetrating a communication network is to listen to transmissions and locate positions, but using code, you can also cause the device itself to perform various actions it's not designed for - for example, running in a loop that causes the device to overheat, which could lead to the explosion of a battery or component."
Margalit suggests another scenario: "A second scenario is not penetrating the communication network, but the supply chain of device production and implanting a malicious component. However, this is a complex event, as you need to penetrate the supply chain at specific points to ensure the devices only reach who you want them to reach."
Ophir Zilbiger, leader of cyber activity in the EMEA region at BDO consulting firm, believes that the event, regardless of its exact circumstances, should also raise red flags in Israel's business sector. "We saw in the Russia-Ukraine war how wartime cyber operations also spill over into the business and civilian sectors, after a cyber attack allegedly carried out by Russia affected Ukrainian and Western businesses."
Zilbiger emphasizes the importance of taking immediate preventive measures. "Regardless of the circumstances of the event in Lebanon, it's certainly possible that retaliatory actions will be cyber in nature and also aimed at businesses and civilian organizations. Therefore, at least at the immediate level, any organization that wants to maintain its resilience in these days of heightened risk should at least know who to turn to and what to do in case of an attack or crisis."
Israel Hayom contributed to this article.