Comment by dreamlayers
13 hours ago
How is this possible? Are phones willing to connect to any cell and blindly trust that text messages from there are genuine and really coming from the numbers they claim to be coming from? Isn't there some cryptographic verification?
2g networks didn't have the phone verify the network, so yes they can do this.
At least as of today, most phones have an option to turn off 2g but that isn't a default.
The only way to truly disable 2g on an iPhone is to enable lock-down mode, which is a step too far for me.
Agree. I do a lot of travel and in 3rd-world countries it is quite common to get 2g spam, it's really unacceptable that Apple doesn't offer a way to turn off 2g short of lockdown mode.
It's always amusing to me how apple tries to hide basic security features behind there super duper totally secure mode which nobody will enable because it destroys usability.
Meanwhile GrapheneOS in the default mode is as much or much more secure (and private duh) than there marketing mode with little to no usability decrease.
Plausible. Only Rogers still has working 2G.
It doesn't matter what the network is doing; the phone needs to disable 2g. There's various ways to get the phone to downgrade to 2g otherwise, eg https://montsecure.com/files/2021_downgrade.pdf
Android has it as a toggle: https://source.android.com/docs/security/features/cellular-s...
iPhone disables it for phones in lockdown mode.
And if you have a modern enough SIM+phone combo, it won’t even display the 2g network as an available network, nor 3G on my device.
I wonder if this mostly hit international SIMs, since they wouldn’t be running the same level of SIM code to prefer various network locks like a local SIM.
Helps you stay under the radar and gov services over SMS is a lot more advanced outside of Canada if you want to do some fraud.
2 replies →
That's incredible, here in Australia they not only shut down all 2G networks almost a decade ago, but they've already shut down 3G as well!
Although now looking at Wikipedia there are a lot more 2G networks sticking around than I realised, still hard for me to believe given what's happened here!
2 replies →
Which is interesting in that they very publicly shut down the 3G network last year.
The original standards weren't expecting anyone but carriers to send messages and ramping up security has been a slow process, so downgrade attacks probably work nicely.
Guessing the spammer doesn't want to overload towers or be foxed within the same 3 so they're driving. Maybe the hats(?) shut off on rotation... or eSIM?
Well, based on what I'm gleaning from https://www.smsbroadcaster.com/ (yes, they sell these brazenly in the open), I suspect they're doing some SDR shenanigans to bring up fake cell networks and leverage Cell Broadcast instead of just SMS.
https://en.wikipedia.org/wiki/Cell_Broadcast
They are also interfering with connections and attempting downgrade attacks to do 2G SMS messages as well (and is likely where Canadian carriers were picking up the 'millions' of attacks against its network and failed authentication attempts).
Amusingly this was all also caught because of Telus reviewing those SMS messages that were reported as spam from people on iOS/Android and realizing that the messages weren't being terminated inside the cell network at all when they tried tracing them out and suspected that this was the case.