Google Warns: New SMS Attacks Can Bypass Security and Hijack Smartphones

Google has issued a serious warning for smartphone users. A new wave of SMS-based cyberattacks is spreading fast. These attacks can bypass network-level security and directly target mobile devices.

2G Networks

According to Google, scammers are exploiting weak spots in outdated 2G networks, making it easier to send malicious messages that appear genuine.
The threat comes from portable tools called SMS blasters or cell-site simulators. These fake towers, also known as False Base Stations (FBS) or Stingrays, trick phones into connecting to them. Once connected, attackers can inject fake messages straight into your device — messages that look exactly like real alerts from banks, delivery services, or even your carrier.

How the Attack Works

Hackers use these fake towers to bypass anti-spam filters set by network operators. When your phone unknowingly connects to one, it may receive false messages designed to steal information or install malware. The scariest part? These texts look completely normal.
Most attacks rely on forcing your smartphone to switch from 4G or 5G down to 2G. Older 2G networks lack strong encryption and mutual authentication, which leaves a big security gap. Once your phone is downgraded, cybercriminals can intercept and alter messages in real time.
Google explained that downgrading a device to 2G “abuses the lack of mutual authentication” and leaves connections unencrypted. As a result, attackers can deliver malicious messages that slip past carrier protections unnoticed.
Disable 2G connections on your phone if possible. Many Android devices now include this option. Always avoid clicking links in unexpected texts, even if they seem legitimate. Keep your phone’s software updated and use built-in security features. Awareness is your first line of defense against these evolving scams.