Mobile security

Chinese Fight Losing Battle With Fake Basestations

Chinese authorities are continuing to fight and lose the battle with fake basestations.

It's a uniquely Chinese phenomenon, though no one can explain why.

For no more than 50,000 Chinese yuan ($7,120), fraudsters can buy a GSM basestation that is small enough to be placed in the back of a vehicle. They can drive around and distribute SMS to any phone -- usually owned by a China Mobile subscriber -- that is within range.

The exploit takes advantage of a GSM security flaw in which the basestation verifies the mobile phone but the phone doesn't verify the basestation.

China still has 238 million 2G users, accounting for 15% of the total.

In the past fake base stations were used primarily for spamming ads for illicit services such as massage and fake receipts. Over a one-month period in 2016, security research firm 360 intercepted about 3.6 million spam messages daily from fake basestations. (See Fraudsters Cash In on China's Fake Basestations.)

But recently they have moved into phishing and other kinds of fraud. According to state-run Xinhua news, a common one is to send a message that promises "points redemption" for clicking on an infected URL.

Fake transmitters have also been found to be spreading malware called Swearing Trojan, which replaced the Android SMS app with its own so that it could steal banking information.

Another exploit is to spoof the mobile phone number and take advantage of its use for authentication. One flight attendant said she had received 29 authentication messages in 30 seconds.

For all the latest news from the wireless networking and services sector, check out our dedicated Mobile content channel here on Light Reading.

Since the beginning of 2018, law enforcement agencies have dealt with 307 cases and have confiscated more than 2,800 illegal cellular transmission sets, Xinhua reported.

But it acknowledges that "violations" by the fake basestations "still exist in many areas."

Because it is not easy to identify and track a small basestation on the move, authorities are turning to other fixes.

One is from handset makers, with Samsung and Huawei reportedly building devices that can authenticate basestations.

The other is to move off 2G altogether. It is being discussed, and operators would be grateful for the spectrum, but the wheels are turning at their usual glacial speed.

Concludes Xinhua: "Although the spread of illegal activities has been effectively curbed, it is hard to be optimistic about bringing them under control."

— Robert Clark, contributing editor, special to Light Reading

Be the first to post a comment regarding this story.
Sign In