Lately, there have been reports about a new Android SMS phishing campaign that not only steals your money but can also wipe your data. Coincidentally, or maybe in response to this, Google has just released information on how Android protects you from SMS phishing attacks.
Google explains how Android guards you against phishing attacks
In a new blog post, Google raises awareness about a prevalent SMS attack method. The company also highlights the built-in tools in Android designed to thwart these attacks and keep you safe.
To get a better grasp of what Android protection tools are for and how they work, let's first break down how an attack can happen. In the blog post, Google talks about a SMS Blaster fraud. Lately, there has been more proof of security flaws in cellular networks being exploited using cell-site simulators.
Cell-site simulators, also known as False Base Stations (FBS), Stingrays or SMS Blasters, are radio devices that pretend to be real cell towers, tricking phones into connecting to them.
This lets malicious actors send SMS phishing messages straight to smartphones, bypassing the carrier network and all the anti-spam and anti-fraud systems. Scammers usually use portable FBS devices while driving around, and there have even been cases of them carrying these devices in backpacks.
Some malicious actors carry FBS devices in backpacks. | Image credit – Google
The trick is pretty simple and involves known tactics to push phones onto a 2G network controlled by attackers. SMS Blasters fake an LTE or 5G network, then downgrade the connection to the old 2G protocol. The same device then pretends to be a 2G network, making all phones in the area connect to it. Attackers exploit the lack of mutual authentication in 2G networks to force unencrypted connections, letting them fully intercept and inject SMS messages.
These SMS Blasters can be bought online and don’t require a lot of technical know-how. They are easy to set up, and users can configure them to mimic a specific carrier or network with just a mobile app.
Overall, as long as a mobile device supports 2G, users are at risk of this kind of fraud, no matter the status of 2G on their local carrier.
So, how does Android help keep your smartphone secure?
With Android 12, Google introduced a feature that lets users disable 2G. | Image credit – Google
Several security features in Android can really help reduce or even completely block the impact of this type of fraud.
Recommended Stories
For example, with Android 12, Google introduced a feature that lets users disable 2G at the modem level. If you use this option, it completely eliminates the risk from SMS Blasters. Here is how to do it:
Go to Settings
Find Network and internet
Choose SIMs
Toggle the option Allow 2G (if available, as not all OEMs offer it, but Pixel phones and Galaxy phones should have it)
Another key feature is the ability to disable null ciphers, which is crucial for preventing 2G FBS from injecting SMS payloads by using a null cipher. This security measure was introduced in Android 14 with a new toggle in the mobile network settings. Devices that use Radio HAL 2.0 or higher support it.
Android also has robust protections against SMS spam and phishing, regardless of how the messages are delivered. The built-in spam protection helps identify and block unwanted messages. Additionally, Verified SMS helps users recognize legitimate messages from businesses, marking them with a blue checkmark to show they have been verified by Google.
Furthermore, Google recommends using other important security features available on Android, like Safe Browsing and Google Play Protect. Safe Browsing is built into Android devices and protects billions of users worldwide by warning them about potentially dangerous sites, downloads, and extensions that could be phishing or malware-related.
And when someone tries to download a malicious app from the Play Store, Google Play Protect steps in. It scans apps for malware and other threats, warning users about potentially harmful apps before they can be installed.
In a world where online threats are everywhere, I think it is great that Google keeps working on improving its security features to protect users.
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
Tsveta, a passionate technology enthusiast and accomplished playwright, combines her love for mobile technologies and writing to explore and reveal the transformative power of tech. From being an early follower of PhoneArena to relying exclusively on her smartphone for photography, she embraces the immense capabilities of compact devices in our daily lives. With a Journalism degree and an explorative spirit, Tsveta not only provides expert insights into the world of gadgets and smartphones but also shares a unique perspective shaped by her diverse interests in travel, culture, and visual storytelling.
Recommended Stories
Loading Comments...
COMMENT
All comments need to comply with our
Community Guidelines
Phonearena comments rules
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: