SMS blasters are affecting a growing number of countries. Fraudsters drive around with cars, motorbikes, or even suitcases on the metro, and in those they have false base stations which blast SMS to phones in their vicinity. The fraudulent SMS try to phish information, contain malicious links and often impersonate well-known entities like banks or government agencies.
Those SMS blasters are not part of the local mobile operator network. SMS blasters—sometimes also called Stingrays or IMSI-catchers—impersonate legitimate cell towers and are not connected to the local mobile operator radio network, but that doesn’t mean that nothing can be detected. SMS blasters leave “disturbances” behind and those enable potential detection.

How an FBS-based SMS blaster operates: physical and digital process visualization
The detection techniques vary depending on where they are implemented. They can be deployed by Mobile Network Operators (MNOs), at the mobile device level, or by regulatory bodies. The operator association GSMA is also investigating the topic with its members. They have provided information on the detection of SMS blasters in their latest publications. We will analyse how to protect against SMS blasters in our next article and focus now on how to detect them.

