Smartphone users are being urged to review a critical setting on their devices following warnings about a new type of attack that bypasses traditional mobile network defences. According to Google, disabling 2G connectivity on your phone is an important step in preventing malicious SMS attacks, known as SMS Blaster fraud, which have been observed in multiple countries.
SMS Blasters work by creating a fake network access point using radio devices that mimic legitimate cellular towers. This allows attackers to send malicious text messages directly to nearby phones without needing to know the victims’ phone numbers. Because these messages don’t pass through the mobile carrier’s network, they bypass standard anti-spam and scam filters. Attackers typically target specific areas, often affluent neighbourhoods, to increase the potential payout from personal or financial data theft.
Recently, UK police arrested a suspect using an SMS Blaster device and warned the public that such attacks are designed to circumvent existing fraud prevention systems. They emphasised that text-based scams remain an effective tool for criminals seeking to harvest sensitive information under the guise of urgent requests or brand impersonation.
Google explains that 2G connectivity is especially vulnerable to these types of attacks due to its outdated security standards. Even though many countries have phased out 2G networks, phones with the feature enabled can still connect to fake cell towers pretending to operate on 2G. On devices running Android 16, users can disable 2G by navigating to Settings > Security & privacy > Advanced protection, and enabling Device Protection. This setting also adds broader security enhancements, such as restricting USB connections on locked devices and requiring reboots after extended lock periods. Emergency calls remain exempt from 2G restrictions.
iPhone users, however, have limited options. Disabling 2G requires enabling Lockdown Mode, which is primarily designed for high-risk individuals and significantly reduces overall device functionality to protect against targeted attacks.
While SMS Blaster attacks are concerning, Trend Micro reported that the most common smartphone threats continue to involve conventional scams, often impersonating trusted brands like PayPal, Netflix, Toyota, or government services to steal personal data. Users are reminded to remain sceptical of unsolicited texts requesting personal or financial information, particularly those containing spelling or grammatical errors, or messages about deliveries, contests, or gift cards unrelated to their current activities.
To strengthen defences against scams, Google is reportedly working to integrate features such as Scam Detection and Call Screen into the initial setup process on Pixel devices. This aims to ensure users are aware of and enable security protections that can help reduce the risk of falling victim to fraudulent messages.
Overall, disabling 2G connectivity is a simple yet significant step in minimising exposure to attacks that exploit weaknesses in legacy cellular standards. As SMS-based scams continue to evolve, staying cautious about unexpected messages remains a user’s first line of defence.
