2G/3G Attacks

SMS Interception

HIGH SEVERITY

Legal Warning

Performing these attacks without proper authorization is illegal in most jurisdictions. This information is for educational and authorized security testing only.

Overview

SMS interception attacks allow attackers to capture, read, and potentially modify text messages sent between mobile devices, compromising the confidentiality and integrity of SMS communications.

Technical Overview

SMS messages in 2G/3G networks are often unencrypted or weakly encrypted, making them vulnerable to interception. Attackers can use IMSI catchers, fake base stations, or SS7 vulnerabilities to intercept SMS messages in transit.

Impact

Potential consequences of this attack

•Exposure of sensitive personal communications
•2FA/OTP bypass for account takeover
•Business intelligence gathering
•Privacy violations and surveillance
•Financial fraud through SMS banking

Attack Vectors

Methods used to execute this attack

•IMSI catcher deployment for local interception
•SS7 network exploitation for remote interception
•Fake BTS for man-in-the-middle attacks
•SIM swap attacks to receive SMS
•Malware on device for SMS access

Attack Methodology

Step-by-step attack execution process

1Deploy IMSI catcher or fake BTS in target area
2Force target device to connect to rogue station
3Intercept SMS messages during transmission
4Decrypt if encrypted with weak algorithms
5Optionally forward to legitimate network to avoid detection
6Store and analyze intercepted messages

Mitigations & Defense

Protective measures and countermeasures

Use end-to-end encrypted messaging apps instead of SMS
Implement app-based 2FA instead of SMS OTP
Enable RCS with encryption where available
Use IMSI catcher detection tools
Monitor for unusual SMS delivery delays
Educate users about SMS security limitations

Real-World Examples

Known incidents and use cases

→SS7 attacks on banking 2FA systems
→Government surveillance of activists
→Corporate espionage through SMS monitoring
→Cryptocurrency theft via SMS 2FA bypass
→Political campaign intelligence gathering

Related Attacks

2G/3G Attacks

IMSI Catching

IMSI catchers are rogue base stations that trick mobile devices into connecting to them, allowing attackers to capture International Mobile Subscriber Identity (IMSI) numbers and intercept communications.

2G/3G Attacks

Fake BTS Attacks

Fake Base Transceiver Station (BTS) attacks involve deploying rogue cell towers that impersonate legitimate network infrastructure to intercept communications and perform man-in-the-middle attacks.

2G/3G Attacks

Call Interception

Call interception attacks enable attackers to eavesdrop on voice communications by capturing and decrypting the audio stream between mobile devices and the network.

References & Further Reading