Protect your devices from SMS blasters (ITSAP.00.104)

Text messages (SMS) have become one of the most common ways for threat actors to try to scam victims. SMS blasters are a type of cell site simulator: portable devices that impersonate legitimate mobile networks to trick nearby devices into connecting to them. Threat actors use SMS blasters to carry out SMS phishing attacks (known as smishing) and other malicious activities designed to steal sensitive or financial information or spread disinformation. This publication offers information on the threats posed by SMS blasters and how to best protect yourself.

How SMS blasters work

SMS blasters can impersonate cellular towers to take advantage of inherent or unpatched vulnerabilities found in older second generation (2G) network standards that are still supported by modern devices. 2G network standards do not enforce authentication or encryption between the mobile device and the network.

SMS blasters can broadcast high-power signals, such as fourth generation (4G) and fifth generation (5G) network signals, that are stronger than a device's current connection, which tricks nearby devices into connecting. After the connection has been established, the SMS blaster will attempt to downgrade the device to 2G mode. This allows threat actors to bypass the protections and filters implemented by mobile network operators (MNOs) to protect their customers.

Threats posed by SMS blasters

SMS blasters pose many threats to devices within range of a compromised device. These threats include:

Smishing and fraud

Smishing is a scam in which threat actors send fraudulent messages that look legitimate to trick victims into clicking links and attachments or sharing sensitive information. SMS blasters allow threat actors to quickly send thousands of smishing messages to mobile devices within the coverage area of the device. The messages can be generic or tailored for a specific scenario, such as sporting events or conferences, or to a source, such as bank authentication PINs.

When messages bypass MNO network security, the links in them are not analyzed and can’t be assessed for legitimacy. This makes it easier for threat actors to impersonate legitimate businesses and their websites. Because these smishing scams bypass network security, they, and the links found in them, are more dangerous.

Smishing scams can lead to fraud with compromised credentials, unauthorized transactions and identity theft. For more details on smishing, see the Cyber Centre’s Smishing: Protect yourself from SMS attacks (ITSAP.00.103).

Misinformation, disinformation and malinformation

By using SMS blasters to conduct smishing and fraud, threat actors can spread misinformation, disinformation and malinformation (MDM). The threat can target all devices within the coverage area of the SMS blaster and spread MDM concerning a specific source or event. Spreading MDM in this context is a serious concern. It can cause harm by manipulating individuals and organizations into thinking there is a conflict or urgency.

Service disruption

SMS blasters can cause dropped calls, slow data speeds and strain mobile infrastructure by downgrading connected devices to the 2G network. This can affect emergency calls and connection to Internet of Things (IoT) devices.

Privacy and data loss

SMS blasters can collect sensitive data that includes identifiable information, such as:

  • unique subscriber identification (international mobile subscriber identity (IMSI))
  • unique device identification (international mobile equipment identity (IMEI))
  • user locations

Threat actors can further use this information as entry points for more advanced cyber campaigns.

How to protect against SMS blasters

MNOs, device manufacturers and end users should consider the following mitigation strategies to protect mobile devices from SMS blasters.

Mitigation strategies for mobile network operators

  • Detect and respond quickly:
    • Use tools that can spot fake cellular towers and monitor network logs for unusual activities, such as unknown neighbour cell towers, sudden handover failures and rapid disconnections and reconnections
    • Implement standalone solutions to monitor the signaling layer to identify sudden spikes in signaling volume or abnormal registration patterns that indicate a rogue base station is active
    • Use analytics with spam reporting to catch abnormal SMS patterns or suspicious device identification
  • Implement Rich Communication Services: Transition from standard SMS to Rich Communication Services (RCS) to offer a more secure messaging protocol with verified sender identifiers and encryption
  • Share intelligence:
    • Feed real-time network data into fraud management systems, update blocklists of malicious Uniform Resource Locators (URLs) and share threat information with other operators and government authorities
    • Use specialized direction-finding equipment to pinpoint the exact location of active SMS blasters, allowing law enforcement to seize the hardware
  • Coordinate across the industry: Collaborate with device makers and regulators to improve privacy features and strengthen defense mechanisms
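
The network-log indicators listed under "Detect and respond quickly" (unknown neighbour cells, sudden handover failures, rapid disconnections and reconnections) can be expressed as simple rules over an event stream. The following Python example is added here for illustration and is not Cyber Centre or operator code; the event format, cell identifiers, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed inventory and thresholds (assumptions; tune per network).
KNOWN_CELLS = {"A1", "A2", "B7"}
WINDOW_S = 60        # sliding window, in seconds, for the rate-based rules
MAX_HO_FAILS = 3     # handover failures per serving cell per window
MAX_ATTACHES = 3     # re-registrations per device per window

def _count_in_window(q, ts):
    """Record ts in deque q, drop entries older than WINDOW_S, return the count."""
    q.append(ts)
    while ts - q[0] > WINDOW_S:
        q.popleft()
    return len(q)

def detect(events):
    """Return (ts, rule, subject) alerts for a time-ordered list of events."""
    alerts = []
    ho_fails = defaultdict(deque)    # serving cell -> recent failure times
    attaches = defaultdict(deque)    # device -> recent attach times
    for e in events:
        ts, kind = e["ts"], e["event"]
        if kind == "neighbour" and e["cell"] not in KNOWN_CELLS:
            # A device measurement report lists a cell the operator never deployed.
            alerts.append((ts, "unknown_neighbour", e["cell"]))
        elif kind == "handover_fail":
            if _count_in_window(ho_fails[e["cell"]], ts) >= MAX_HO_FAILS:
                alerts.append((ts, "handover_fail_spike", e["cell"]))
        elif kind == "attach":
            if _count_in_window(attaches[e["dev"]], ts) >= MAX_ATTACHES:
                alerts.append((ts, "rapid_reconnect", e["dev"]))
    return alerts

# Constructed sample events (not real network data).
SAMPLE = [
    {"ts": 0,   "event": "attach",        "dev": "d1", "cell": "A1"},
    {"ts": 10,  "event": "neighbour",     "dev": "d1", "cell": "X9"},
    {"ts": 12,  "event": "handover_fail", "dev": "d1", "cell": "A1"},
    {"ts": 15,  "event": "handover_fail", "dev": "d2", "cell": "A1"},
    {"ts": 20,  "event": "attach",        "dev": "d1", "cell": "A1"},
    {"ts": 25,  "event": "handover_fail", "dev": "d3", "cell": "A1"},
    {"ts": 40,  "event": "attach",        "dev": "d1", "cell": "A1"},
    {"ts": 200, "event": "attach",        "dev": "d2", "cell": "B7"},
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Alerts that cluster on the same serving cell within a short period are the candidates to pass to fraud management and direction-finding teams.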

Mitigation strategies for device manufacturers

  • Offer users more security control:
    • Provide options for users to disable 2G network connections
    • Enforce the use of encryption with the mobile network
  • Improve security features:
    • Offer clearly defined options for how users can select and restrict network connections
    • Disable 2G network usage by default
    • Use applications for messages securely (for example, allowing users to accept the risk before enabling SMS messaging)

Mitigation strategies for end users

  • Use phishing-resistant multi-factor authentication (MFA): Use authentication apps or hardware security keys rather than SMS-based codes and one-time passwords
  • Stop, verify and report:
    • Stop: Refrain from clicking on links or attachments in unsolicited SMS and avoid responding to suspicious or unexpected messages
    • Verify: Contact the organization or individual directly through their official channels, such as the contact information listed on their official website
    • Report:
      • Forward the suspicious message to 7-7-2-6 (“SPAM”) or use the messaging application’s spam reporting function
      • Report the incident to the Royal Canadian Mounted Police via the Report cybercrime and fraud portal. This will notify the appropriate organizations to initiate an investigation and take appropriate actions
  • Disable 2G:
    • Turn off 2G network connections in your phone’s settings, if the option is available
    • Contact your mobile provider if you don’t have the option
  • Use end-to-end encryption applications: Protect the contents within messaging and data transfer communications with applications that support end-to-end encryption
  • Be skeptical: Remember that legitimate organizations never ask for personal information, passwords or banking information through messages
  • Install applications safely:
    • Only download applications from official app stores or from developers with a verified reputation
    • Use anti-virus software to scan newly downloaded and existing apps on your device for malware

As SMS-based authentication and notifications continue to be the default for many applications, threat actors will continue to exploit their vulnerable nature. To address these challenges, collaboration across the industry is essential for raising awareness and implementing robust security measures.
