Google has urged Android smartphone owners to turn off 2G networks due to their poor security, which allows fraudsters to send fake text messages to devices on behalf of various large companies. The vulnerability of 2G networks enables attackers to use cell site simulators, also known as false base stations (FBS) or Stingrays – radio devices that imitate real cell sites to intercept mobile device connections. According to a report by Google, the use of FBS for financial fraud has increased in recent years.
The GSMA’s Response and Android’s Protective Measures
The GSMA Fraud and Security Group (FASG) has developed a white paper for GSMA members to raise awareness of SMS Blaster fraud (a term for FBS and cell site simulators) and provide mitigation guidance to telecom operators, OEMs, and other stakeholders. The white paper, available only to GSMA members, outlines some Android-specific recommendations and features that will help effectively protect users from this new type of fraud.
While operators typically use special spam filters to make it difficult for scammers to distribute phishing SMS, using FBS allows fraudsters to completely bypass these protective mechanisms. As a result, malicious messages can reach victims, appearing to come from numbers of different companies, including banks. For example, hundreds of thousands of devices in the US recently received messages disguised as notifications about health insurance.
To address this security concern, Android 12 now includes the ability to disable 2G at the modem level. This option completely protects users from the risk of receiving fake SMS. It’s important to note that even when 2G is disabled, the emergency call function continues to work, adds NIX Solutions.
We’ll keep you updated on any further developments regarding this security issue and any additional measures that Google or other tech companies may implement to protect users from SMS-based fraud. In the meantime, Android users are advised to consider disabling 2G on their devices to enhance their security against potential SMS scams.