Following the news that Malware authors in China are using fake base transceiver stations (BTSs), which is equipment usually installed on cellular telephone towers, to send spoofed SMS messages that contain links to Android malware. Michael Downs, Director of Telecoms Security at Positive Technologies commented below.

Michael Downs, Director of Telecoms Security at Positive Technologies:

isbuzz-author-male_1“The use of fake cellular telephone towers is not new, nor is it restricted to China, but detecting them is difficult so anecdotal evidence is limited.

“The issue is that the equipment to create a fake tower is legitimately available and relatively inexpensive to purchase. For those lacking the technical prowess, ‘how to’ guides can be found online. If that’s not worrying enough, there are even ready-made solutions traded where all that’s needed is to switch it on.

“That said, operators could do more to keep track of their radio perimeter. Analysing radio signals can help identify fake BTS and, with the use of triangulation, pinpoint the location so fake towers can be disassembled.

“The advice for mobile users is to regularly update the handset’s firmware, particularly when a new version is released as this will often fix vulnerabilities that criminals will look to exploit. The use of anti-virus programs could also help prevent malware inadvertently being installed on the device – although only trusted marketplaces should be used. The final weapon is good old instinct – any strange SMS messages, particularly those with links irrespective of who has sent them, should never be clicked but instead deleted straightaway.”

Information Security Buzz