Is there a pager model sophisticated enough to accept remote firmware updates (or whatever condition for a software exploit) but lacking a battery protection IC? Otherwise wouldn't sabotage elsewhere in the chain be more likely?
It was most likely a supply chain attack integrating explosives into the pagers, this article [1] says the affected devices were from a recent shipment. The explosions are way too violent for malfunctioning batteries.
