Your Phone is at Risk Too - Mobile Fake Base Station SMS Phishing Cases and Countermeasures

Security
Page content

This is actually happening! Check if your phone is being hacked right now.
Hidden mobile base stations in cars are secretly approaching people.
A text arrives on your phone: “Emergency! Your account has been hacked. Check immediately”
In a panic, you click the link and enter your password… and soon cash is stolen from your account.
It sounds like a movie plot, but this is actually happening in real life.

In March 2025, a Chinese student in London drove around in an SUV for 5 days, sending smishing text messages to tens of thousands of people.
Similar incidents of fake text messages being distributed occurred in Bangkok, Thailand, Malaysia, and New Zealand.

Let’s find out what’s really happening and what we need to do about it.

Suspicions About Text Messages

Last week on my way home from work, I received another strange text message.
“Suspicious transactions detected in your account. Check immediately.” Something like that.
Normally I would have just deleted it, but after seeing recent news, I started thinking differently.

The methods cybercriminals use these days have become frighteningly sophisticated.
I heard they load equipment called ‘SMS Blasters’ into cars and drive around distributing fake texts to nearby phones.
And they can send up to 100,000 messages per hour.

Actually, I was a bit skeptical at first.
I wondered if such a thing was really possible, so I looked up related news…

Wow, amazing… They hack like this these days. I was totally shocked.

What is an SMS Blaster

Simply put, it’s a fake base station.
It disguises itself as a legitimate telecom base station to trick nearby phones into connecting, then spreads phishing texts everywhere.

The operating principle is quite scary. Our phones normally connect automatically to the base station with the strongest signal, right?
This SMS Blaster exploits exactly that.
It sends out a stronger signal than normal base stations to lure phones in.

Once connected, it forcibly downgrades the communication method to 2G.
2G has weak security, making it easy to manipulate.
Then it sends phishing texts and returns the phone to the normal communication network, with the entire process taking less than 10 seconds.

From the victim’s perspective, it’s hard to notice anything strange. It just seems like they received a regular text message.

This made me curious, so I looked up more about SMS Blasters.
Here’s what I found summarized below.

What is an SMS Blaster?

An SMS Blaster is a portable fake base station device that can send messages to all mobile phones within its coverage range. (https://www.septier.com/portfolio-item/sms-blaster/)
More precisely, this device, also called an IMSI Catcher, disguises itself as a legitimate mobile base station and performs man-in-the-middle attacks (MITM) between phones and actual telecom base stations. (https://en.wikipedia.org/wiki/IMSI-catcher)

How SMS Blasters Work

SMS Blasters operate in the following manner:

  1. Signal Strength Manipulation: Phones always automatically connect to the base station with the strongest signal, and SMS Blasters send stronger signals than normal base stations to lure phones in.
  2. Forced 2G Downgrade: They forcibly downgrade connected phones to the less secure 2G network to disable encryption.
  3. Direct Message Transmission: They can directly send up to 100,000 SMS messages per hour, and can also arbitrarily manipulate sender information.
  4. Return to Normal Network: After sending messages, they return phones to the normal communication network.

Malicious Use of SMS Blasters

It’s understandable why cybercriminals prefer SMS Blasters.
They can completely bypass telecom spam blocking systems to directly deliver messages containing phishing URLs.
Since they don’t go through telecom companies, spam filtering doesn’t work and messages are sent directly to smartphones.
Moreover, by installing this equipment in vehicles and moving around while performing cyber attacks on many people, they can avoid detection.
The problem is that it’s difficult to catch criminals because tracking is hard and they disguise themselves as normal base stations.

Occurring Worldwide

These SMS Blaster attacks are a much more serious situation than expected.
Initially starting in Southeast Asia, they’re now spreading worldwide.

In Switzerland, the government cybersecurity center issued direct warnings, and in the UK, a Chinese student was caught hiding an SMS Blaster in the trunk of a Honda and driving around London sending tens of thousands of fake messages. He even received a one-year sentence.

They were also discovered in Tokyo and Osaka, Japan, Jakarta Indonesia, São Paulo Brazil, and even New Zealand…
Really nowhere has been spared.

The New Zealand incident was particularly impressive - a 19-year-old sent 700 fake bank texts in one night in Auckland.
Fortunately, there was no actual damage thanks to two-factor authentication, but seeing the technical capability and impact was truly chilling.

Recent Cases in Korea

Recently, incidents have occurred in Korea as well.
The KT micropayment hacking incident used exactly this method.

A few days ago, Chinese suspects were arrested, and in the news they said “I just did what my superiors ordered.”
So Korean police suspect this might be the work of a professional criminal organization in China.
‘KT Micropayment’ Chinese Suspect “Superiors Ordered Me to Go to Areas with Many Apartments”

Two Chinese hackers loaded small base stations called femtocells into cars and drove around hacking KT users’ phones.
Femtocells are normally legitimate equipment installed by telecom companies to improve indoor communication quality, but they seem to have been leaked externally due to poor management.

Their methods were very sophisticated.
When attempting micropayments with victims’ names, phone numbers, and birth dates, identity verification calls would come,
but they intercepted these calls with femtocells and answered them instead to complete authentication.

The scale of damage was significant too.
278 cases worth 170 million won, with 5,561 confirmed victims.

Telecom Company Neglect

The scariest thing is that telecom companies have almost no way to stop this.

Normal spam texts come through telecom networks, so some filtering is possible.
These days, some telecom companies even block texts containing URLs entirely. That’s why our government didn’t include URLs in consumption coupon notification texts for the same reason.

But SMS Blasters bypass official communication networks.
Since fake base stations connect directly to phones, existing security systems become useless.

It’s similar to someone standing on the road in front of your house with a megaphone shouting “I’m from the bank!”
No matter how good your home security system is, there’s no way to stop direct external access.

Global SMS Blaster Phishing Attack Cases Summary

I investigated what similar cases have occurred worldwide.
I hope this helps someone visiting this blog.

Asia Region

Thailand

1) Bangkok Large-scale SMS Blaster Attack (November 2024)

  • Incident: Chinese organization sent about 1 million messages over 3 days within a 3km radius in Bangkok’s Sukhumvit district using SMS Blaster (capable of 100,000 messages per hour)
  • Damage: “Points expiring” impersonation messages to steal credit card information, payments processed to overseas accounts
  • Result: 35-year-old Chinese driver arrested, arrest warrants issued for 2 Chinese organization members
  • URL: https://commsrisk.com/police-find-sms-blaster-that-sent-a-million-smishing-messages-in-3-days/

2) Bangkok Serial SMS Blaster Attacks (August 2025)

3) Tourist Guide Disguised SMS Blaster (January 2025)

Philippines

1) Large-scale Cybercrime Organization Arrest (March 2025)

2) SMS Blaster Importer Arrested (January 2025)

Malaysia

Kuala Lumpur SMS Blaster Organization (November 2024)

Indonesia

Jakarta SMS Blaster Attack (June 2025)

Japan

Tokyo/Osaka SMS Blaster Discovery (April 2025)

Hong Kong

Government Service Impersonation Attack (February 2025)

Europe Region

United Kingdom

London Large-scale Smishing Attack (March 2025)

Switzerland

SMS Blaster Attack Surge (2025)

Middle East Region

Oman

Muscat SMS Blaster Attack (2025)

Oceania

New Zealand

Auckland SMS Blaster Attack (Early 2025)

South America

Brazil

São Paulo SMS Blaster Organization Dismantled (May 2025)

Real Reasons Criminals Prefer This

Actually, SMS Blasters aren’t cheap. They cost a lot.
They range from several thousand dollars to $35,000.
But criminals use them for good reasons.

First is guaranteed message delivery rate.
Regular spam texts reach only about 10% even when sent in large quantities.
But SMS Blasters have nearly 100% delivery.
As long as 2G is activated, you’re guaranteed to receive them.

Second is making them look authentic.
Since everything from sender information to content can be completely manipulated, they can make it look like it came from banks or government agencies.

Third is mobility.
By loading them into cars and driving around different areas, they’re hard to track and can expand the scale of damage.

Countermeasures

The most reliable method is turning off 2G on your phone.
Since SMS Blasters exploit 2G vulnerabilities.

Android has had 2G deactivation settings since version 12.
iPhone is a bit complicated - turning on Lockdown Mode automatically disables 2G.
But Lockdown Mode restricts many other functions too, making daily use inconvenient.

The problem is that not many people know this.
Most will probably just use their phones normally and get caught.

Google added a feature in Android 16 to show warning notifications when connected to fake base stations.
Still, it’s after connection, so it’s not a complete solution.

Below, I tried to organize technical methods and precautions by searching the internet for this opportunity.
I hope the content below helps someone visiting this blog~

1. Technical Blocking Methods

Complete 2G Network Deactivation

  • Android Setting Method:

    • Version 12+: Settings → Network & Internet → Mobile Network → Preferred Network Type → Disable 2G
    • Samsung Galaxy: Settings → Connections → Mobile Networks → Network Mode → Select 5G/4G/3G Auto Connect
    • LG: Settings → Network → Mobile Network → Network Type → Select LTE/WCDMA

  • iPhone Setting Method:

    • iOS 16+: Settings → Privacy & Security → Enable Lockdown Mode (automatically blocks 2G)
    • Or Settings → Cellular → Cellular Data Options → Voice & Data → Select LTE
    • Lockdown Mode disadvantages: Blocks FaceTime calls, limits message attachments, restricts web browser functions, etc.

Network Monitoring App Utilization

  • Android: CellMapper, Network Cell Info, OpenSignal
  • iPhone: Network Analyzer, WiFi Analyzer
  • Detect suspicious base station signals or sudden network changes for warnings

2. Behavioral Guidelines and Prevention

Suspicious Text Identification

  • Be cautious of urgent messages impersonating financial institutions or government agencies
  • Never click URL shortening service links (bit.ly, tinyurl, etc.)
  • Consider 100% of links requesting personal information as fraud
  • Always verify urgent remittance/payment requests through official channels

Immediate Response Methods

  1. Delete suspicious texts immediately upon receipt
  2. Call relevant institutions (banks, card companies) directly for verification
  3. Change passwords immediately if you clicked links
  4. Check security of related accounts if you entered personal information

Tasks for Government and Telecom Companies

What individuals can do is limited.
Ultimately, government and telecom companies need to respond more significantly.

First, regulation of SMS Blaster equipment itself seems necessary.
Currently, you can easily buy them online for a few thousand dollars.
While there may be legitimate uses, registration or licensing systems should be introduced.

Telecom companies should also be more proactive.
Like monitoring unusual traffic patterns at network edges or installing equipment to detect illegal base stations.

The femtocell management problems revealed in Korea’s KT incident are also serious.
I suspect equipment leaked externally because they couldn’t properly recover the 150,000 units installed in Korea.
Life cycle management of such communication equipment needs to be more thorough.

Ultimately, The Habit of Suspicion is the Best Defense

While technical responses are important, ultimately we have no choice but to be careful ourselves.

Never click links in unsolicited texts, and when messages impersonating financial institutions or government agencies arrive, be suspicious first.
If it’s really urgent, you can call the relevant institution directly to verify.

While SMS Blasters have made text scams more sophisticated and faster, exploiting human greed and anxiety remains the same as before.

“When you receive messages like ‘Click quickly or something terrible will happen,’ it’s best to think twice."

Oh, and don’t forget to report strange texts to the Korea Communications Commission or police.
Individual damages might be small, but accumulated reports help in arresting criminal groups.

SMS Blasters, a new threat, are penetrating deep into our lives.
As technology advances, criminal methods become more sophisticated, but I believe we can prevent them sufficiently by not losing basic vigilance.

Have you received any strange texts recently?
If you have anything suspicious, please share in the comments.
Sharing information with each other is also a good way to prevent such scams.