Hacker News

dreamlayers, yesterday at 9:53 PM

How is this possible? Are phones willing to connect to any cell and blindly trust that text messages from there are genuine and really coming from the numbers they claim to be coming from? Isn't there some cryptographic verification?


Replies

mcpherrinm, yesterday at 10:06 PM

2G networks didn't have the phone verify the network, so yes they can do this.

At least as of today, most phones have an option to turn off 2G, but that isn't a default.

capitalhilbilly, yesterday at 10:04 PM

The original standards weren't expecting anyone but carriers to send messages, and ramping up security has been a slow process, so downgrade attacks probably work nicely.

opengrass, yesterday at 10:01 PM

Guessing the spammer doesn't want to overload towers or be foxed within the same 3 so they're driving. Maybe the hats(?) shut off on rotation... or eSIM?

kotaKat, yesterday at 10:57 PM

Well, based on what I'm gleaning from https://www.smsbroadcaster.com/ (yes, they sell these brazenly in the open), I suspect they're doing some SDR shenanigans to bring up fake cell networks and leverage Cell Broadcast instead of just SMS.

https://en.wikipedia.org/wiki/Cell_Broadcast

They are also interfering with connections and attempting downgrade attacks to do 2G SMS messages as well (and is likely where Canadian carriers were picking up the 'millions' of attacks against its network and failed authentication attempts).

Amusingly, this was all also caught because of Telus reviewing those SMS messages that were reported as spam from people on iOS/Android and realizing that the messages weren't being terminated inside the cell network at all when they tried tracing them out and suspected that this was the case.