Description: This talk explores the evolving landscape of cellular network attacks, focusing on well-known protocol weaknesses in 5G, 4G, and 2G technologies. Despite advances in mobile security, vulnerabilities persist—particularly the ability to downgrade connections to insecure 2G protocols—which can be exploited for a range of attacks. Central to these threats are false base stations, commonly referred to as Stingrays or IMSI catchers, which impersonate legitimate cell towers to intercept and manipulate mobile communications.
A key use case of these devices, the SMS blaster, has emerged as a significant global threat. Previously confined to mainland China, SMS blaster attacks have rapidly proliferated since late 2022, with documented cases now spanning the UK, Norway, France, Vietnam, Hong Kong, New Zealand, Brazil, and beyond. SMS blasters enable attackers to send large volumes of SMS phishing messages directly to nearby devices, bypassing carrier-level anti-spam and anti-fraud systems. This technique has proven to be a highly profitable form of fraud, fueling a surge in credential theft, financial scams, and social engineering campaigns worldwide.
Speaker: Roger Piqueras Jover, Security Engineering Manager - Enterprise Security