When Google makes a recommendation or advice, it is better to listen to it. If recently the Menlo Park company explained that we are using the magic functions of Google Photos incorrectly, just a couple of days ago it published an entry in its security blog to Keeping your Android devices safe from text message fraud.
More specifically, it has to do with mobile connection to 2G or GSM networks. From that point on, the doors would be opened to receiving SMS messages containing phishing and spam. The key is that the antennas to which we have connected are not those of our trusted telecommunications company (the official infrastructure), but rather we would have established contact and communication with portable antennas that impersonate them.
What are SMS Blasters?
As Google itself details, this is the term used by operators to refer to small portable antenna stations that supplant the official operator network (they even fit in backpacks). Once they have established this fake network, they are responsible for bombard with fraudulent SMS (smishing) to connected devices.
Google warns that its implementation is very simple: just place the device in an area with a high concentration of potential victims and emit a 4G/5G signal so that the terminals degrade the connection to 2G, to that false 2G network that is controlled by an attacker. Why 2G?
Because it is a protocol that lacks bidirectional authentication, that is, The network does authenticate the client but not the other way around.From here, and taking advantage of the fact that the connections are not encrypted, these SMS are injected.
Much of the danger of SMS Blaster is that, as Google says, these devices are sold on the Internet and do not require too much technical knowledge to get them up and running, since their configuration is relatively easy and they are almost ready to go into action to impersonate a network operator. It is also possible Configure and customize SMS payload, message fields, and their metadataincluding the sender’s number. This makes it possible to make the message look like an authentic SMS from the bank.
One more important fact: mobile devices are vulnerable to this type of fraud if they support 2G connectionregardless of your local carrier’s 2G status.
How to protect your Android phone
Fortunately, there are security features that can drastically reduce this risk and even block it completely. The veteran GSM or 2G has been around for over 30 years, although during this time, various weaknesses have appeared in this technology. One of them allows mobile phones to connect to any network, enabling man-in-the-middle attacks in which attackers place equipment to capture communications and data exchanged on the network.
For this reason Google implemented the option of Disable 2G on your mobile in 2022 with Android 12, something you can do from ‘Settings‘ > ‘Network and Internet‘ > ‘SIMs‘ (on Google Pixel, the route may vary depending on the brand or model). This way, your phone ignores 2G networks except for making an emergency call to 112.
In order to bombard with SMS, this fake network tells the mobile not to use encryption, but since Android 14 and for those terminals that implement HAL 2.0 radio or higher, Google has implemented the option of reject networks with null cipher or null ciphers.
Finally, Google’s recommendations include having anti-spam protection in place to identify and block unwanted SMS messages, as well as the verified SMS feature to better identify legitimate messages from businesses (with a blue check mark).
Cover | Daniel Vega (Xiaomi World)