23. Dezember 2025
Die trügerische Sicherheit von Mobilnetzen (SMS-Attacken)
Manch einer denkt, dass man er sicher fährt, wenn er unterwegs, zum Beispiel in Hotels, auf öffentliche Mobilnetze setzt, statt auf das bequeme WLAN, doch SMS-Attacken erzählen eine andere Geschichte. Viele wissen, dass gerade Gast-WLAN’s in Hotels etc. oft gehackt sind. Doch Hacker haben längst Wege gefunden, Mobilfunkmasten zu imitieren, so dass sich zum Beispiel ein Smartphone statt bei einem seriösen Anbieter, stattdessen auf einer wirklich “mobilen” Antenne anmelden, die von Hackern an entsprechende Orte gebracht wird. Und niemand merkt es….
SMS attacks are on the rise, with recent Google announcements providing methods on how to keep your cellular Android devices safe from text message fraud. These types of cellular attacks exploit cell-site simulators, known as False Base Stations (FBS) or Stingrays, which mimic legitimate cell towers. These faulty towers can lure mobile devices to connect to them and breach privacy and security.
Once connected, hackers utilize “SMS Blasters” to spam phishing messages directly to smartphones, bypassing carrier networks and anti-fraud systems. This method takes advantage of weaknesses in 2G networks, downgrading connections to force unencrypted links, making it easier to distribute fraudulent SMS messages.
Here are some recent ways FBS Stations and Stingrays have been used to attack cellular networks:
- Two hackers in Britain were recently arrested for building homemade antennas that flooded local residents with thousands of spam messages. These messages posed as legitimate communications from banks, health insurance companies, and other official organizations in an attempt to steal personal information.
- In Dubai, three hackers jammed a nearby cell tower, tricking mobile devices into connecting to a fake cellular station inside their van. This allowed them to intercept call and text metadata, and possibly even the contents of the calls.
- Police caught two hackers from Hong Kong at a Bangkok shopping mall using a portable FBS and Stingray device, posing as the telecom provider AIS. They sent fake messages to AIS customers, claiming their reward points and gift cards were expiring, and provided a fraudulent link for redemption. This link prompted users to enter personal information and credit card details, allowing the hackers to take advantage of this information.
