Hackers are deploying SMS Blaster hardware in attacks against smartphones, police have warned.
SOPA Images/LightRocket via Getty Images
Most malware security threats are operating system-specific, meaning it is relatively uncommon to see such a cybersecurity warning that applies equally to Android and iPhone users. Sure, it happens, as in the case of the photo-stealing malware I reported on recently. When the entire smartphone universe is wrapped up in a threat warning, however, it’s more likely than not going to involve phishing and SMS text messages. With the FBI urging people not to click on SMS links, users are already on red alert. But now, police in the U.K. have warned, hackers have been found deploying something called an SMS Blaster which lets them send malicious SMS texts to any smartphone in the vicinity, without any need to know the phone numbers of the devices being attacked.
ForbesSecure Your Gmail Account From Hackers Now As Attacks ContinueBy Davey Winder
The Android And iPhone SMS Blaster Threat
Earlier this year, I wrote about a large-scale SMS attack campaign targeting both Android and iPhone users, which went into some detail about how the threat actors were employing what is known as a smartphone farm to send the malicious text messages. These operations, involving hundreds, sometimes even thousands, of mobile device emulators running in parallel on a single machine, each dedicated to a specific scam campaign, are limited by the fact that they are anchored to a location and require knowledge of the telephone numbers to send the messages to. As seems appropriate in the mobile threat sector, the threat actors themselves are now able to attack while on the move. Quite literally, in fact.
A man, arrested by the police’s Dedicated Card and Payment Crime Unit in the U.K. and sentenced this week to a year in prison, was found to be using hardware known as an SMS Blaster from the boot of his car while driving around London. Similar incidents have been reported globally, so this is far from being a U.K. only problem.
Forbes16 Billion Apple, Facebook, Google And Other Passwords LeakedBy Davey Winder
MORE FOR YOU
The SMS Blaster operates as an unlawful cellphone mast by getting smartphones in the vicinity to connect to it, instead of the genuine mast, by seemingly having a stronger signal, albeit using a 2G network. Not only does this mean that the attacker does not need to know the phone numbers of the devices being targeted, but the resulting malicious SMS messages can also evade phone networks’ anti-spam and security measures. The messages were nothing out of the ordinary in this case, a simple tax refund scam baiting the reader to click on a link. We know this as one of the arresting police officers received just such a message from the man as they approached him.
Android users are advised to disable 2G, while iPhone users should filter messages from unknown contacts. If you receive any kind of suspicious SMS message, you can forward it to 7726, whether you are in the U.K. or the U.S., to report it to your mobile carrier.
ForbesUse These Secret Gmail Addresses To Prevent Hack Attacks — Here’s HowBy Davey Winder
Editorial StandardsReprints & Permissions