INDIANAPOLIS -- Google is warning customers about a new way scammers are using technology to go after victims with text fraud.
So-called “SMS blasters” are like miniature cell phone towers that put out a signal that can trick your smartphone into connecting to it instead of your regular network. The devices are small enough for crooks to drive around with in their car. There have been some reports of scammers walking around with them in their backpacks.
If you’re close enough to an active SMS blaster, your phone might automatically connect to it instead of your regular Verizon, AT&T or other network signal. If that happens, you can be in trouble because the signal from the SMS blaster bypasses all the security filters your network uses to block spam calls and texts. That means the bad guys can “blast” you with as many messages as they want as long as you’re connected to their signal.
When it comes to protecting yourself, there’s good news and bad news. SMS blasters use the mostly obsolete 2G network; network carriers don’t use it or support it anymore, but phones can still connect to it if there’s a signal. Google says Android users can go into their settings and disable 2G on their phones. If you do that, you’re safe from these devices--your phone won’t connect to them.
However, there is currently no way to specifically disable 2G on the iPhone without putting it in lockdown mode. That means iPhone users could potentially be more at risk from these devices right now. It is possible that Apple could make this an option at some point.
In the meantime, here is what Google says about disabling 2G and protecting your Android device:
Android protects users from phishing and fraud
There are a number of Android-only security features that can significantly mitigate, or in some cases fully block, the impact of this type of fraud.
Android 12 introduced a user option to disable 2G at the modem level, a feature first adopted by Pixel. This option, if used, completely mitigates the risk from SMS Blasters. This feature has been available since Android 12 and requires devices to conform to Radio HAL 1.6+.
Android also has an option to disable null ciphers as a key protection because it is strictly necessary for the 2G FBS to configure a null cipher (e.g. A5/0) in order to inject an SMS payload. This security feature launched with Android 14 requires devices that implement radio HAL 2.0 or above.
Android also provides effective protections that specifically tackles SMS spam and phishing, regardless of whether the delivery channel is an SMS Blaster. Android has built-in spam protection that helps to identify and block spam SMS messages. Additional protection is provided through Verified SMS, a feature that helps users identify legitimate SMS messages from businesses. Verified SMS messages are marked with a blue checkmark, which indicates that the message has been verified by Google.
We advocate leveraging a couple of important Google security features which are available on Android, namely Safe Browsing and Google Play Protect. As an additional layer of protection, Safe Browsing built-in on Android devices protects 5 billion devices globally and helps warn the users about potentially risky sites, downloads and extensions which could be phishing and malware-based.
Let’s say a user decides to download an app from the Play store but the app contains code that is malicious or harmful, users are protected by Google Play Protect which is a security feature that scans apps for malware and other threats. It also warns users about potentially harmful apps before they are installed.