Google explains how Android guards you in opposition to phishing assaults
In a brand new weblog put up, Google raises consciousness a couple of prevalent SMS assault methodology. The corporate additionally highlights the built-in instruments in Android designed to thwart these assaults and preserve you protected.To get a greater grasp of what Android safety instruments are for and the way they work, let’s first break down how an assault can occur. Within the weblog put up, Google talks a couple of SMS Blaster fraud. Recently, there was extra proof of safety flaws in mobile networks being exploited utilizing cell-site simulators.
Cell-site simulators, also called False Base Stations (FBS), Stingrays or SMS Blasters, are radio units that faux to be actual cell towers, tricking telephones into connecting to them.
This lets malicious actors ship SMS phishing messages straight to smartphones, bypassing the provider community and all of the anti-spam and anti-fraud methods. Scammers often use moveable FBS units whereas driving round, and there have even been circumstances of them carrying these units in backpacks.
Some malicious actors carry FBS units in backpacks. | Picture credit score – Google
The trick is fairly easy and entails recognized techniques to push telephones onto a 2G community managed by attackers. SMS Blasters pretend an LTE or 5G community, then downgrade the connection to the outdated 2G protocol. The identical machine then pretends to be a 2G community, making all telephones within the space hook up with it. Attackers exploit the dearth of mutual authentication in 2G networks to power unencrypted connections, letting them totally intercept and inject SMS messages.
These SMS Blasters will be purchased on-line and don’t require a whole lot of technical know-how. They’re simple to arrange, and customers can configure them to imitate a particular provider or community with only a cellular app.
General, so long as a cellular machine helps 2G, customers are liable to this sort of fraud, irrespective of the standing of 2G on their native provider.
So, how does Android assist preserve your smartphone safe?
With Android 12, Google launched a characteristic that lets customers disable 2G. | Picture credit score – Google
A number of safety features in Android can actually assist scale back and even fully block the affect of one of these fraud.For instance, with Android 12, Google launched a characteristic that lets customers disable 2G on the modem degree. If you happen to use this feature, it fully eliminates the chance from SMS Blasters. Right here is how you can do it:
- Go to Settings
- Discover Community and web
- Select SIMs
- Toggle the choice Enable 2G (if out there, as not all OEMs supply it, however Pixel telephones and Galaxy telephones ought to have it)
One other key characteristic is the flexibility to disable null ciphers, which is essential for stopping 2G FBS from injecting SMS payloads through the use of a null cipher. This safety measure was launched in Android 14 with a brand new toggle within the cellular community settings. Units that use Radio HAL 2.0 or increased help it.
Android additionally has sturdy protections in opposition to SMS spam and phishing, no matter how the messages are delivered. The built-in spam safety helps determine and block undesirable messages. Moreover, Verified SMS helps customers acknowledge reliable messages from companies, marking them with a blue checkmark to indicate they’ve been verified by Google.
Moreover, Google recommends utilizing different vital safety features out there on Android, like Protected Shopping and Google Play Shield. Protected Shopping is constructed into Android units and protects billions of customers worldwide by warning them about doubtlessly harmful websites, downloads, and extensions that might be phishing or malware-related.
And when somebody tries to obtain a malicious app from the Play Retailer, Google Play Shield steps in. It scans apps for malware and different threats, warning customers about doubtlessly dangerous apps earlier than they are often put in.
In a world the place on-line threats are in all places, I believe it’s nice that Google retains engaged on bettering its safety features to guard customers.
