ISLAMABAD (Kashmir English): Google has released an alert to smartphone users of a rising tide of SMS scams or SMS based cyberattacks that are capable of evading network-level security and targeting mobile devices directly.
According to the company, the attacks exploit vulnerabilities in older 2G networks, enabling scammers to send compromising texts undetected.
How the Attack Works
The danger lies in handheld units called SMS blasters or cell-site simulators that function as spurious mobile towers. The units, also referred to as False Base Stations (FBS) or Stingrays, have the capability of intercepting mobile communications and sending manipulated SMS messages that seem to be from genuine parties.
Once their surrounding phones get connected to these imitated towers, criminals can inject fabricated messages straight into the phone, circumventing anti-fraud and anti-spam filters employed by operators. The messages are usually indistinguishable from real texts, making it virtually impossible for users to realize that they have been attacked.
Originally designed to facilitate surveillance, this tech is being employed to perpetrate wide-scale scams and fraud campaigns that send messages to thousands of nearby devices.
Threat to 2G Networks
These attacks predominantly rely on compelling smartphones to use 2G networks, which do not have contemporary encryption and authentication protections. By dropping a device from 4G or 5G to 2G, attackers can carry out man-in-the-middle attacks, intercepting and tampering with unencrypted traffic.
“Reducing the user’s link to a legacy 2G protocol exploits the absence of mutual authentication and renders connections unencrypted,” Google said. This enables attackers to deliver malicious text messages that evade regular carrier defenses.
How to Stay Protected
Google has recommended to users that they turn off 2G connections to shield themselves against such attacks. “Android 12 added an end-user option to disable 2G at the modem level,” the company said, adding that the setting “eliminates the threat from SMS blasters.
The feature has subsequently been made wider in Android 16, where Advanced Protection Mode will block 2G networks by default. Samsung has also enabled this protection under its Maximum Restrictions mode, allowing users to manually switch off 2G.
More difficult for iPhones
Apple users have fewer choices. iPhones do not have a built-in feature to block 2G connections as standard. Lockdown Mode alone, for high-risk users, blocks 2G and 3 G networks but also restricts a number of other important functions, so it is not fit for everyday use.
Security specialists caution that such attacks are becoming increasingly prevalent, as scammers now target whole places rather than a single phone number. By sending out false SMS messages to all devices in range, attackers can target thousands of users simultaneously.
