Lebanon's exploding pagers expose unseen flaws in global supply chains

The pager and walkie-talkie explosions in Lebanon on two days in mid-September added a new and very scary dimension to the conflict in West Asia. At least 40 people died, and thousands were injured. It was perhaps a matter of luck that none of the compromised devices were on an aircraft in flight.

According to reports, Hezbollah had started to use pagers and walkie-talkies around February 2024, suspecting that Israeli security agencies were monitoring cell phone networks.

The pagers in question were branded as Made-in-Taiwan, by a Taiwanese company, Gold Apollo. But they were “manufactured” by another entity, BAC Consulting, which is based in Hungary. Both BAC and the Hungarian government claim the devices were actually made by somebody else and merely marketed by BAC.

The New York Times says an Israeli agency set up a manufacturing unit and inserted plastic explosives into the devices. Gold Apollo says the financial transactions between Hungary and Taiwan pertaining to the pager were routed through financial entities in West Asia.

In this case (and with the walkie-talkies, which have similarly complicated provenance), the supply chain was obviously infiltrated by a malicious actor. But the supply chain and transaction chain is typical of many types of normal transborder arrangements in a globalised economy.

Company A, based in one nation, may sell products  in many other nations, while sourcing components from multiple places and assembling them elsewhere. The pertinent intellectual property or properties may also be spread across many jurisdictions.

It all boils down to cost and logistics. Labour may be cheaper in one country, while another may offer better economies of scale for certain components, with R&D taking place elsewhere. Transhipment costs, tax and tariff rates, and trade agreements also come into the picture.

India, for example, is trying to move up the value chain with the manufacture of electronics, telecom networking equipment, and other items, using production-linked incentives, and other policy sweeteners. In automobiles, India is a major global export hub, with some companies looking only at vehicle exports from their India facilities.

While the entities based in India source many components domestically, many more components are also imported from multiple places, with the final turn of the screwdriver applied by desi labour.

It makes for economic efficiency. But it also means components arriving from all over the place for assembly, with some of those components themselves assembled from parts sourced elsewhere. A Korean component may have sub-components sourced from Thailand or Vietnam. In addition, it may make sense to route marketing for these through entities parked elsewhere.

Since a modern consumer electronics item, a car, or network equipment may have thousands of components, it’s almost impossible to untangle the supply chains.

The global economy took a massive hit during Covid because of this entanglement. While there was famously a global shortage of semiconductors (chips), and of bulk drugs, other industrial items were randomly in short supply because one place or another from where those items were sourced was in lockdown.

A further complication is caused by the embedding of chips and sensors into all sorts of “smart stuff”. Chips are literally there in everything, and as the Internet of Things becomes more common, chips are proliferating exponentially.

Chips are run by embedded software, which is impossible to decipher or alter in most cases. So, there may be backdoors or malicious code wired into them, which are effectively impossible to detect.

Note that the pagers worked perfectly well for months until they were triggered to explode. It would be possible to render any given chip non-functional upon contingency, if there was specific code written into it. The fear of such backdoors is one reason why many countries are wary of sourcing telecom and power equipment from China.

This is a nightmare scenario that many analysts have spoken about. The pager attack turned it into reality. Every security agency and terrorist network will be gaming variations of this.

It is a security nightmare, given the impossibility of checking every electronic component of every device in existence. A globalised economy is truly vulnerable in ways we can barely comprehend.