[SMS Blasters — which are also known as Stingrays, False Base Stations (FBS), and cell-site simulators — can be used by nefarious parties to “lure mobile devices to connect to them” and send fake text messages. One way to combat them is by disabling the insecure 2G connection on your Android device.
GSMA’s Fraud and Security Group (FASG) has developed a briefing paper for GSMA members to raise awareness of SMS Blaster fraud and provide guidelines and mitigation recommendations for carriers, OEMs, and other stakeholders.
Google advises that fake messages, which are only possible over 2G, often perpetuate financial fraud. Attackers can easily fake the number that appears to make it seem like it’s from a known business. There are also reports of them being used to “disseminate malware, for example injecting phishing messages with a URL to download the payload.”
SMS Blasters expose a fake LTE or 5G network which executes a single function: downgrading the user’s connection to a legacy 2G protocol. The same device also exposes a fake 2G network, which lures all devices to connect to it.
Starting with Android 12, Google introduced the option to disable 2G, with Pixel phones being the first to adopt. Even with “Allow 2G” switched off, emergency calls are still possible.
Additionally, Android also has an option to disable null ciphers as a key protection because it is strictly necessary for the 2G FBS to configure a null cipher (e.g., A5/0) in order to inject an SMS payload. This security feature launched with Android 14 requires devices that implement radio HAL 2.0 or above.
Another layer of protection Android provides is through Google Messages. The SMS client can “identify and block spam SMS messages.”
Source: https://9to5google.com/2024/08/01/android-disable-2g/