Surge in ‘SMS Blaster’ Attacks Leaves smartphones Vulnerable to Location-Based Scams

A growing wave of sophisticated text message attacks is bypassing customary network security measures, putting millions of smartphone users at risk. Google has issued warnings, particularly to Android users, urging them to adjust their device settings to mitigate the threat posed by these malicious campaigns.

These attacks utilize what cyber agencies describe as SMS blasters – essentially “portable mobile phone stations” capable of intercepting signals and sending manipulated text messages. According to security experts, these devices, “carried in a rucksack,” leverage technology known as cell-site simulators, also referred to as False Base stations (FBS) or Stingrays, to trick phones into connecting as if they were legitimate cell towers. This repurposed surveillance technology circumvents standard network defenses.

“this method to inject messages entirely bypasses the carrier network,” Google explains, “bypassing all the sophisticated network-based anti-spam and anti-fraud filters.” The attacks, which escalated after initial warnings were issued last summer, primarily exploit vulnerabilities in 2G networks, which lack the robust security and encryption found in newer 5G, 4G, and even 3G connections.

The process involves “downgrading the user’s connection to a legacy 2G protocol,” which “abuses the well known lack of mutual authentication in 2G and force connections to be unencrypted.” This creates an prospect for a man-in-the-middle attack allowing attackers to inject malicious SMS payloads.

Why are these attacks happening? Cybercriminals are exploiting weaknesses in older 2G networks to conduct large-scale scams. These attacks aren’t focused on individual targets, but rather on broadcasting messages to anyone within range of the SMS blaster. Who is at risk? Primarily Android users, due to the vulnerabilities in 2G networks and the broader availability of devices still capable of connecting to them. iOS users are less vulnerable, but not immune.

Fortunately, mitigation strategies are available.Google introduced a user option in Android 12 to disable 2G connectivity at the modem level, a feature initially implemented on Pixel devices. Utilizing this setting effectively eliminates the risk from SMS blasters. Moreover, Google’s Advanced Protection Mode, available with Android 16, completely disables 2G connections. Samsung’s Maximum Restrictions, now the default setting on new phones, also provides users with the ability to disable 2G, though it is indeed not a mandatory configuration.

Unlike targeted scams that focus on individual phone numbers, SMS blasters operate on a broader scale. One analyst noted that these attacks target location rather than specific individuals, “blasting” out thousands of messages to devices in a given area.

This presents a important security disparity between Android and iOS devices. Currently,android offers a direct option to block 2G connectivity. Apple users, though, are limited to relying on the new spam filtering features in iOS 26 and avoiding clicking links from unknown senders.While Apple’s Lockdown Mode does block 2G, it’s considered an extreme measure. A senior official stated that the mode’s extensive restrictions on popular features make it impractical for everyday use.

How did it end? As of now, the attacks haven’t “ended,” but mitigation efforts are underway. Google and Samsung have implemented features to disable 2G connectivity, reducing the attack surface. Apple is relying on spam filtering and encourages users to avoid suspicious links. The long-term solution involves the complete phasing out of 2G networks, a process