Google Warns Many Android Owners Still Haven't Disabled 2G, Here's How

Google is urging Android users to switch off 2G network connectivity, citing fraud schemes that can drain bank accounts and steal user data. In an announcement, the company detailed attack methods using SMS phishing that exploit security weaknesses in cellular networks through the use of cell site simulators. These radio devices, known as False Base Stations (FBS), Stingrays, or SMS Blasters, impersonate legitimate cell towers to connect directly to smartphones. By bypassing carrier networks and their anti-spam and anti-fraud systems, criminals can send phishing SMS messages directly to victims. FBS devices are often used while driving or carried in backpacks. The trick involves spoofing LTE or 5G networks to force a downgrade to a 2G connection controlled by the attacker. The 2G network is exploited due to its lack of mutual authentication, making the connection unencrypted and allowing the insertion of SMS messages. SMS Blasters are easily obtained online and require little technical knowledge to set up and mimic specific networks. To mitigate this, users are advised to disable 2G at the modem level. On Android, this can be done by navigating to Settings, selecting Networks, choosing SIMs, and toggling the ‘Allow 2G’ option off. Android also provides SMS phishing protections to identify and block unwanted messages, while verified SMS helps users recognise legitimate business texts with a blue check mark. Additional security features include Safe Browsing, which warns about risky sites, downloads, and extensions, and Google Play Protect, which scans for malware and alerts users to potential threats.