Google explains how Android guards you towards phishing assaults
In a brand new weblog submit, Google raises consciousness a couple of prevalent SMS assault technique. The corporate additionally highlights the built-in instruments in Android designed to thwart these assaults and maintain you secure.To get a greater grasp of what Android safety instruments are for and the way they work, let’s first break down how an assault can occur. Within the weblog submit, Google talks a couple of SMS Blaster fraud. These days, there was extra proof of safety flaws in mobile networks being exploited utilizing cell-site simulators.
Cell-site simulators, often known as False Base Stations (FBS), Stingrays or SMS Blasters, are radio gadgets that fake to be actual cell towers, tricking telephones into connecting to them.
This lets malicious actors ship SMS phishing messages straight to smartphones, bypassing the service community and all of the anti-spam and anti-fraud methods. Scammers normally use transportable FBS gadgets whereas driving round, and there have even been instances of them carrying these gadgets in backpacks.
Some malicious actors carry FBS gadgets in backpacks. | Picture credit score – Google
The trick is fairly easy and includes identified techniques to push telephones onto a 2G community managed by attackers. SMS Blasters faux an LTE or 5G community, then downgrade the connection to the outdated 2G protocol. The identical gadget then pretends to be a 2G community, making all telephones within the space hook up with it. Attackers exploit the dearth of mutual authentication in 2G networks to pressure unencrypted connections, letting them absolutely intercept and inject SMS messages.
These SMS Blasters could be purchased on-line and don’t require a number of technical know-how. They’re simple to arrange, and customers can configure them to imitate a particular service or community with only a cellular app.
General, so long as a cellular gadget helps 2G, customers are susceptible to this sort of fraud, regardless of the standing of 2G on their native service.
So, how does Android assist maintain your smartphone safe?
With Android 12, Google launched a characteristic that lets customers disable 2G. | Picture credit score – Google
A number of safety features in Android can actually assist scale back and even utterly block the impression of one of these fraud.
For instance, with Android 12, Google launched a characteristic that lets customers disable 2G on the modem stage. For those who use this feature, it utterly eliminates the chance from SMS Blasters. Right here is the best way to do it:
- Go to Settings
- Discover Community and web
- Select SIMs
- Toggle the choice Enable 2G (if out there, as not all OEMs provide it, however Pixel telephones and Galaxy telephones ought to have it)
One other key characteristic is the power to disable null ciphers, which is essential for stopping 2G FBS from injecting SMS payloads by utilizing a null cipher. This safety measure was launched in Android 14 with a brand new toggle within the cellular community settings. Units that use Radio HAL 2.0 or greater assist it. Android additionally has strong protections towards SMS spam and phishing, no matter how the messages are delivered. The built-in spam safety helps establish and block undesirable messages. Moreover, Verified SMS helps customers acknowledge legit messages from companies, marking them with a blue checkmark to indicate they’ve been verified by Google.
Moreover, Google recommends utilizing different essential safety features out there on Android, like Secure Searching and Google Play Defend. Secure Searching is constructed into Android gadgets and protects billions of customers worldwide by warning them about doubtlessly harmful websites, downloads, and extensions that could possibly be phishing or malware-related.
And when somebody tries to obtain a malicious app from the Play Retailer, Google Play Defend steps in. It scans apps for malware and different threats, warning customers about doubtlessly dangerous apps earlier than they are often put in.
In a world the place on-line threats are all over the place, I believe it’s nice that Google retains engaged on bettering its safety features to guard customers.
