Google has issued a fresh warning to smartphone users about a growing wave of SMS-based cyberattacks that can bypass network-level security and directly target mobile devices. The company said these attacks exploit weaknesses in older 2G networks, allowing scammers to send malicious text messages without detection.
How the Attack Works
The threat comes from portable devices known as SMS blasters or cell-site simulators, which act as fake mobile towers. These devices, also called False Base Stations (FBS) or Stingrays, can intercept mobile signals and send manipulated text messages that appear to come from legitimate sources.
Once nearby phones connect to these fake towers, attackers can inject false messages directly into the device, bypassing anti-spam and anti-fraud filters used by network operators. The messages often look identical to genuine texts, making it nearly impossible for users to recognize that they’ve been targeted.
Originally developed for surveillance, this technology is now being used for large-scale scams and fraud campaigns that broadcast messages to thousands of devices within range.
2G Networks
Most of these attacks depend on forcing smartphones to connect to 2G networks, which lack modern encryption and authentication protections. By downgrading a device from 4G or 5G to 2G, hackers can perform man-in-the-middle attacks, intercepting and manipulating unencrypted communications.
“Downgrading the user’s connection to a legacy 2G protocol abuses the lack of mutual authentication and forces connections to be unencrypted,” Google explained. This allows attackers to push out malicious text messages that bypass normal carrier safeguards.
How to Stay Protected
Google has advised users to disable 2G connections to protect against such attacks. “Android 12 introduced a user option to disable 2G at the modem level,” the company said, noting that this setting “completely mitigates the risk from SMS blasters.”
The feature has since been expanded in Android 16, where Advanced Protection Mode automatically disables 2G networks. Samsung has also enabled similar protection under its Maximum Restrictions mode, allowing users to turn off 2G manually.
Harder for iPhones
Apple users have fewer options. iPhones currently do not include a standard feature to block 2G connections. Only Lockdown Mode, intended for high-risk users, disables both 2G and 3G networks, but it also limits several key functions, making it unsuitable for regular use.
Cybersecurity experts warn that such attacks are becoming more common, with scammers now targeting entire locations instead of individual phone numbers. By broadcasting fake SMS messages to every nearby device, attackers can reach thousands of users at once.