[ilikeitdark]

Question: what's the possibility of doing this with non-tampered with modern mobile phones?

Many phones today have a 5000mah battery, which I'm assuming could be triggered to overheat via a malicious app or webpage. Imagine this being used on a grand scale.

[talldayo]

It's not easy. Lithium-ion batteries are designed to withstand heat without presenting an immediate or non-obvious threat to the user. The easiest way to cause a pyrotechnic discharge is to penetrate the battery itself, and even that isn't terribly explosive (here's a laptop battery "exploding": https://youtu.be/oieH2wwDGzo )

If someone did try heating up your phone to implement such an attack, you would feel it burning through your denim pockets long before it hits 210f. Futhermore, both phone SOCs and battery firmwares tend to implement emergency shutoff contingencies for when the phone overheats. Without prior tampering, nothing will really behave like it does in this attack. It is 100% a supply-chain threat.

[moffkalast]

I seriously doubt there is any way at all for software to trigger a dead short, and even if you did, the path would burn out quickly and the hardware only BMS part would cut power due to the massive voltage drop.

[cebu_blue]

OK you just have to prevent it on OS level tbab. So the battery temperature doesn't go higher than a certain level.