The causes are chemistry way above my pay scale, and quite dependent on the exact tech involved. But the electrolyte will have a solvent containing hydrocarbon groups (ethyl/methyl) hanging off it, it's probably that breaking down, and how it does that probably depends on the salt in solution. Sorry, lots of don't knows there.
I think all the semi-recent mobile-device batteries I've encountered (all Nokia branded, most legitimate ones manufactured by Sanyo and Samsung, IIRC) have had overcharge protection on the battery itself. The chip on the motherboard of the phone that is responsible for charging also has overcharge protection in software, but that's highly proprietory. By hacking with that you could charge the battery in a way that would be deleterious to the long life of the battery, but the on-battery protection would still kick in if it detects a problem. I do have a slight pillow here I've been meaning to dispose of for a few weeks - but I'm reticent to try to pull it apart to examine exactly what the hardware protection actually consists of lest it does a big burny thing.
Anyway, to confirm, this is indeed not something that can be expoited remotely on a phone that hasn't been previously modified.
I agree. Batteries are managed by dedicated integrated circuits, now I don't know what exactly is used on, say, cell phones, but, depending on the type of integrated circuit (IC) used, if it has a connection with the processor (not everyone does) it's possible to tamper with it by software. For instance, this is the programming map of an IC called
BQ62528E:
By tampering with the registers via software one could modify, for instance, the charge current and voltage limits, possibly imposing stress conditions on the battery which would decrease its life and, in time, even result (if one is unlucky) in an internal short-circuit, with the battery then taking fire. But no way the battery can be made to 'explode' (or even detonate) in this way, and no way to know the exact time when the stressed battery will fail.
Short-circuiting the battery from the outside would be a much better method to set it reliably on fire, but this is extremely improbable because one would need a specific circuit to do that (say, a robust transistor between the battery poles) and I can't really see a reason why a sane engineer would include such a 'suicide' circuit in his/her cell phone design. Notice this could be different, for instance, in an electric car: in that case voltage an currents are much higher and there actually are big transistors which can hard short-circuit the battery in case something goes wrong (a condition known as "shoot-through"), however engineers know that (nobody trusts the software!) and add different kinds of protections to avoid that, the most basic being a couple of logic gates (a cost of a few cents) which make it impossible to turn on a transistor when it shouldn't, whatever the software does. In a well-designed system one could surely overstress a battery, as with the cell phone, and degrade the batteries (and/or the transistors and other devices), but with no real guarantee to be able to cause a catastrophic damage.
- Are batteries dangerous? Yes, of course, as anything which stores much energy in a small space.
- Should I worry about my cell phone or electric car batteries taking fire? Well, a little, just as you should worry about the gasoline tank catching fire if you use a gasoline car. Notice also technology is constantly improving (as it did for gasoline tanks) and batteries are constantly getting safer.
- Should I worry about my cell phone or electric car batteries catching fire due to someone hacking my device? Well, a little, but I'd say at least one order of magnitude less than point 2.
Without tampering with the device, provided it's been properly designed, it's very difficult to convert it into a reliable weapon. My bet at the moment is the pagers were tampered with, adding a small explosive charge triggered by the software responding to a specific incoming message.
PS.: I've also read somewhere the pager where planted with explosive which was then detonated by overheating the batteries. This is possible but I think improbable, because it would have been little reliable, and it makes litle sense to go all the way to intercept a shipment of pagers, open them and tamper with them adding a few grams of explosive and a malicious software without also adding a detonator and get a reliable and precisely timed explosion.