"Because blasters operate outside of traditional mobile networks, the messages they send are not subject to the security measures that have been put in place by mobile providers. "None of our security controls apply to the messages that phones receive from them," says Anton Reynaldo Bonifacio, the chief information security officer and chief AI officer at Philippines communications firm Globe Telecom. "Once phones are connected to these fake cell sites, they can spoof any sender ID or number to send the scam message.""
"Back in 2022, Globe Telecom made the decision to stop delivering SMS messages that contain URLs, and Bonifacio says he believes scammers use the blasters to "bypass" these measures. "The technology used to be more niche, but I think sales and assembly of these IMSI catcher devices have become more prevalent for criminal organizations," he says. Researchers have found SMS blasters being sold openly online for thousands of dollars."
SMS blasters operate outside traditional mobile networks and evade mobile providers' security controls. When phones connect to fake cell sites, attacker devices can spoof any sender ID or number to deliver scam messages. Some operators ceased delivering SMS that contain URLs to limit abuse, but scammers use blasters to bypass such measures. IMSI catcher devices have become more widely available, with units sold online for thousands of dollars. Asia-Pacific has been most affected so far, with incidents also appearing in Western Europe and South America and use observed across many countries. Law enforcement has seized devices and prosecuted users. Combating the threat requires coordinated telecom, regulatory, law enforcement, and public reporting efforts.
Read at WIRED
Unable to calculate read time
Collection
[
|
...
]