If you own a cellphone, especially an iPhone, it’s crucial to be aware of a new hacking technique used by cybercriminals. Known as SMS Blaster, this term refers to the illegal use of FBS (fake base stations) and cell-site simulators to broadcast malicious SMS payloads. Attackers commonly use these devices to distribute smishing (SMS phishing) messages, often by driving around with portable FBS devices. Some reports even describe fraudsters carrying these devices in backpacks.
The attack exploits vulnerabilities in mobile networks by tricking devices into connecting to a fake 2G network. SMS Blasters emulate an LTE or 5G network but force devices to downgrade to the less secure 2G protocol. Once connected, attackers exploit the lack of mutual authentication in 2G, leaving connections unencrypted. This allows them to assume a person-in-the-middle (PitM) position, enabling the injection of malicious SMS messages.
What makes SMS Blasters particularly concerning is their accessibility. These devices are readily available online, easy to configure, and require minimal technical expertise. Users can quickly set them up to impersonate specific carriers or networks using a mobile app. They can also customize the SMS payloads, including metadata such as the sender number, making the attacks appear more authentic.
Android users can take preventive measures by disabling 2G connectivity. To do this, go to Settings > Network & Internet > SIMs, and toggle off Allow 2G. Unfortunately, iPhones currently lack an equivalent setting to disable 2G, leaving users more vulnerable to this type of attack.
I get those fake ups text messages, theyre so irritating ugh.
They are definitely a pain. Anyone receiving those messages can report it as junk when deleting the message and take a screenshot of the message and send it to fraud@ups.com