Google is urging smartphone users to take immediate action to protect themselves from a new type of cyberattack involving malicious SMS messages.
The threat stems from a technique using SMS Blasters-devices that impersonate legitimate cell towers, allowing attackers to send harmful messages directly to phones without going through mobile carriers.
This method allows hackers to avoid traditional defenses like spam filters and scam detectors. Since the attackers don’t need your phone number, they just target affluent areas, broadcasting fake signals and waiting for nearby phones with vulnerable settings-like 2G support-to connect.
In the U.K., an attacker using an SMS Blaster was recently caught, prompting a nationwide warning. Law enforcement and Google both highlight the urgency: these scams can harvest personal and financial data, bypassing fraud protection systems entirely.
Google has confirmed that these attacks are happening globally, exploiting flaws in outdated cellular protocols via cell-site simulators. The number one thing users can do to protect themselves? Disable 2G.
2G is notoriously insecure compared to modern networks. On Android 16, disabling 2G is easy if you enable Advanced Protection Mode. Just go to: Settings > Security & privacy > Advanced protection and toggle on Device Protection. This not only blocks 2G (except for emergencies) but also adds layers of security like limiting USB access when locked and auto-rebooting after 72 hours of being idle.
iPhone users aren’t as lucky-2G can only be turned off by enabling Apple’s Lockdown Mode, a high-security feature meant for people under serious threat. Enabling it severely restricts your device but may be worth it if you’re at risk.
While SMS Blasters are alarming, Trend Micro’s latest report says most mobile threats still come from scammers posing as brands like Netflix, PayPal, and Toyota. They offer fake prizes, ask for your info, or claim you’ve won something you never signed up for. Remember the golden rule: if it sounds too good to be true, it probably is.
Here’s how to spot a scam:
- Unexpected messages asking for personal or financial details
- Poor spelling or grammar in the text
- Messages unrelated to anything you’re expecting-like deliveries or contests you never entered
To improve protection for its users, Google is planning to integrate features like Scam Detection and Call Screen directly into the Pixel setup process, ensuring users know how to guard against these threats from the get-go.
Cyber threats keep evolving, but a few proactive steps-like disabling outdated tech and staying alert-can keep you safer.