The secret of spam SMS marketing scam

IT 168 evaluation recently, the author often receives such short messages: dear users, your phone bill points can be exchanged for XXX yuan in cash, and the points will expire today. Please log in to integral mall, XXXX.COM immediately, and download and activate according to the prompts! China mobile. At first, the author didn't take it seriously. I just felt that operators are becoming more and more humanized now, and the expiration of points has begun to prompt. I can't help but sigh that internet thinking has really begun to penetrate into the top of some state-owned enterprise service industries. However, the author is a slow-witted person, and the exchange of gifts is always delayed until the end, and he did not follow the prompts in the short message. When the author found that every time I passed the same place at work, I would receive a short message with similar content, and suddenly realized that this short message from 10086 was not written by the government, but a fraudulent short message from a pseudo base station that we had been talking about this year but never knew about. The pseudo base station in my impression only stays in the stage of mass sending spam messages and obscene information. It is rare to see such blatant news disguised as official number fraud of China Mobile and major banks. At the same time, it also caught my attention. I think it is necessary to popularize what pseudo base stations are and the harm of pseudo base stations in recent years. Although the term pseudo base station looks professional, it actually doesn't need much communication knowledge to get a general understanding of its working principle. When this black box is broken, it will not be deceived by the increasingly realistic scam message.

What is the pseudo base station named at the 3 15 party frequently exposed by major media?

Everyone usually watches the news and even sees banners that crack down on pseudo base stations in their neighborhood committees. Where is the pseudo base station? How can He Dehe be the key roll call object of 15 CCTV 3 15 party? At the beginning of the article, the author first popularizes the definition of pseudo base station for everyone.

▲ CCTV exposure pseudo base station industry chain

A pseudo base station is a pseudo base station as its name implies. As we all know, the reason why mobile phones can make phone calls, send short messages and surf the Internet is because mobile phones can always receive signals from operators' base stations. Connect calls, short messages and data through the connection between base stations. Symbolic buildings such as signal towers are a kind of communication base stations. However, the type of base station is not limited to the form of signal tower. Some small base stations, which we call small cells, are more and more used in our daily life, and also solve the problem that many large base stations such as high-rise buildings and underground buildings cannot cover dead corners. With more and more high-frequency spectrum resources being developed, miniaturization of base stations is also the future development trend. A brief introduction is also to let everyone know that the pseudo base station is not what we usually think of as a false signal tower, and even the volume of the pseudo base station is similar to that of the express parcel, so it is easy to put it in the computer bag. There is probably a pseudo base station that is sending short messages in the passerby bag you pass by; It is also possible to hide a pseudo base station to collect information about nearby mobile phones in the van parked in the parking lot under the overpass for a long time.

What are the hazards of pseudo base stations? Have you ever met a pseudo base station?

CCTV once counted a data. In 20 14, there were more than 200 billion spam messages in China. In March this year, statistics show that the number of mobile phone users in China exceeded 129 billion, which means that in 14, everyone can receive an average of 200 spam messages. For an unsociable person like me, 200 short messages basically account for 60% of my short message box. Although the popularity of WeChat directly led to the decline of SMS business, it must be said that spam messages also played a role in the decline of SMS business.

Pseudo base station hazards 1: spam messages and fraudulent messages.

▲ Various pseudo base station fraud messages in the author's SMS box.

Friends around me always complain to the author that their phone information has been leaked countless times unconsciously, which leads to the fact that the short messages received every day are basically spam messages. Of course, there are also reasons for privacy leaks. However, according to relevant data, more than 70% of the 200 billion spam messages of 14 were sent by pseudo base stations. Pseudo-base stations adopt non-directional and intra-cell mass sending methods, that is, whether the sender of spam messages knows your phone number or not, as long as you are within the coverage of pseudo-base stations, you will receive spam messages. In other words, rampant spam messages no longer need to know your private information. Moreover, the pseudo base station has the function of simulating any telephone number. As we mentioned earlier, the fraudulent short message sent by "10086" was sent by a pseudo base station through an analog mobile phone number. Since the beginning of this year, fraudulent short messages have accounted for an increasing proportion of spam messages sent by pseudo base stations. This is also one of the reasons why public security organs and operators have stepped up their efforts to crack down on pseudo base stations.

Pseudo-base station hazard 2: occupying communication channels makes it impossible for mobile phones to talk, surf the Internet and send text messages normally.

▲ Pseudo base stations can be miniaturized into ordinary schoolbags.

If the pseudo base station only stays in the stage of sending spam messages, coupled with the improvement of anti-fraud awareness of most users, the impact of pseudo base stations on most people will only stay in the stage of harassment, but in fact, the harm of pseudo base stations is far more than that. We also briefly mentioned the working principle of the base station. When the mobile phone is within the radiation range of the pseudo base station, it will automatically connect to the pseudo base station under certain conditions (under what circumstances, the mobile phone will automatically connect to the pseudo base station). The pseudo base station itself does not have the function of carrying calls, short messages and networks. At this time, there will be a complete cell phone signal display, but you can't talk, surf the Internet or text messages. I believe that everyone has encountered this situation. When you want to make an emergency call, you find that the mobile phone with full signal can't dial, and other people's calls can't come in. It is very likely that you are within the radiation range of the pseudo base station.

Pseudo base station hazard 3: stealing user-related information

▲ Pseudo base stations are an important part of stealing user information.

When a mobile phone is connected to a pseudo base station, the pseudo base station controls the user's mobile phone network. During this period, the mobile phone will also send information to the pseudo base station according to the same rules as the normal base station, which also gives the pseudo base station the right to steal the network information of mobile phone users. At the same time, once a user clicks on a phishing website on a fraudulent short message sent by a pseudo base station, deeper information in the mobile phone, such as photos, address books and even bank card information, will be stolen by Trojans or downloaded virus applications. Of course, if you reach the above stage, it proves that you have been cheated.

Why can pseudo base stations run rampant? What is the working principle? You won't be cheated if you know!

In fact, everyone scoffed at online fraud and thought it was 2 1 century. As long as you remember that there will be no pie in the sky, you won't be cheated. Actually, it's not. We also mentioned that the pseudo base station can simulate anyone's phone number. Imagine, if one day a pseudo base station imitates your friend and sends you a short message, which appears in the chat conversation between you and your friend, will you feel real at the first time? This is not alarmist, but what pseudo base stations can really do. In fact, why are we cheated? Simply put, it is information asymmetry. When you understand the principle of pseudo base station, it's hard to be cheated. At this stage of the article, the author will explain the operation principle of pseudo base station to you in both popular and detailed ways.

An easy-to-understand explanation of PS. Just do the principle interpretation, and friends who want to know more can skip the direct browsing and explain in detail.

▲ Laptop+chassis-sized equipment constitutes a pseudo base station.

Simply put, the pseudo base station runs in the same frequency band as the normal base station, and the signal of the pseudo base station is stronger for the mobile phone around the pseudo base station. At this time, due to the mechanism that the mobile phone automatically selects the base station, the mobile phone will try to disconnect from the normal base station and switch to the embrace of the pseudo base station. Due to the lack of security mechanism in GSM network (that is, what we usually call mobile Unicom 2G network), the base station authenticates the mobile phone, but the mobile phone does not authenticate the base station. At this point, the mobile phone will send the identification code to the pseudo base station with stronger signal, and the pseudo base station will accept all orders and complete the connection with the mobile phone. There are several key points worthy of our attention: the automatic base station optimization mechanism of mobile phone, the one-way authentication mechanism of GSM network, and the pseudo base station receiving all the commands to establish connection. We can also see that the current pseudo base station can only invade mobile phones running on GSM network. Because of the two-way authentication mechanism of 3G/4G network, not only the base station can authenticate the mobile phone, but also the mobile phone can authenticate the base station, which greatly reduces the risk of being harmed by the pseudo base station. But if you think your network can rest easy on 3G or 4G, you are naive. At present, many pseudo base stations also have the function of shielding 3G/4G network signals.

Detailed explanation of pseudo base station operation mechanism

When the smart phone moves from one base station coverage area to another, it will receive the broadcast message of the new base station, and when it finds that the LAC in the broadcast of the new base station has changed, it will start the base station reselection mechanism. The mobile phone can judge whether it will pass through the handover area of the base station by identifying the signal strength of the surrounding base station network. This action is what the mobile phone has been scanning. Pseudo base stations trick mobile phones into re-selecting base stations through relatively high power (not necessarily high power, mainly by being close to the mobile phone). There will be an authentication process when re-selecting the base station. The authentication mechanism of GSM V 1 version is that the mobile phone sends the IMSI code to the base station. When the IMSI code is registered in the base station, the base station will send the TMSI to the mobile phone for subsequent communication processing and identification. Among them, we also see that in the authentication process of GSM V 1, only the base station verifies whether the mobile phone is legal, but the mobile phone does not verify whether the base station is legal. For the pseudo base station, no matter what IMSI code the mobile phone sends to the base station, it will receive all commands and establish a connection with the mobile phone, and then it will send spam messages, fraudulent messages, phishing websites and other information to the mobile phone. At present, the pseudo base station technology has also undergone several generations of upgrades, which can change its LAC value after sending a short message, so that the mobile phone can quickly log off the network, thus saving the number of terminals connected to the pseudo base station and covering spam messages to the maximum extent. Moreover, it can also be simulated as an arbitrary phone number when sending information, which is why we often receive fraudulent short messages from "official" numbers such as 10086 and 95583.

▲GSM authentication vulnerability is an important reason for the survival of pseudo base stations.

It can be seen that pseudo base stations are basically only for users of GSM networks. The reason is that 3G and 4G standard networks have two-way authentication mechanism. Not only will the base station identify whether the mobile phone is legal, but the mobile phone will also identify the legality of the base station, so that the pseudo base station will not have the opportunity to be inspected. However, at present, some pseudo base stations can block 3G/4G signals at the same time, forcing the mobile phone to stay in the GSM network, thus cheating the connection. For CDMA users, there is no pseudo base station for CDMA users at present. In fact, CDMA 1X network also adopts the mechanism of single authentication. However, due to the small number of users in CDMA network, the lack of mature supporting software and the consideration of security issues at the initial stage of its design, the cost of making pseudo base stations for CDMA network is very high. This is why mobile phone users seem to receive more spam messages.

How to identify and prevent pseudo base stations?

Principle In front of us, we briefly talked about the problem that pseudo base stations can be connected with mobile phones. At present, there are basically the following solutions for pseudo base stations in the industry:

1. Lock the signal to 3G and 4G networks: In this way, users can operate by themselves and effectively solve the problem of spam messages from pseudo base stations. But at the same time, the negative impact is also very significant. First of all, most mobile users are still using the CSFB call network standard, which means that 3G and 4G networks cannot be used to carry call services. So basically, this move is not realistic for current mobile users. For Unicom users, WCDMA network can carry the call service, but if there is a real dead angle in the network, the mobile phone still needs to fall back to 2G network, so this method to prevent pseudo base stations belongs to throwing watermelons and picking sesame seeds.

2. Replace the USIM card: At present, many business halls claim that the problem of pseudo base stations can be solved by replacing the USIM card. The reason is that USIM has a mechanism that supports two-way authentication, content encryption and communication process encryption. But as we said before, the single authentication mode of GSM V 1 version is still the mainstream authentication mode of GSM, and it has not been banned. Therefore, even if the USIM card is used, the pseudo base station can make the mobile phone return to the 2G mode through signal interference, and then make a disguised connection. It seems that replacing the USIM card can't completely stop the pseudo base station.

3. Adopt all kinds of mobile phone security software: At present, for pseudo base stations, major domestic manufacturers have introduced security software to identify short messages from pseudo base stations, such as Baidu Guardian and 360 Guardian. And the shielding efficiency of short messages sent by pseudo base stations is also very high. However, we need to note that no software vendor has announced its own mechanism to block short messages from pseudo base stations. Whether it is possible to identify whether a mobile phone is within the coverage of a pseudo base station by software, or whether it is a pseudo base station short message by identifying the keywords of the short message content, is still inconclusive. If the latter form is used to determine whether the user's privacy has been violated, there is no good definition standard at present. However, it is undeniable that this is one of the few methods that can really identify the short messages of pseudo base stations, and it is also the most widely used.

4. Identify pseudo base stations by hardware: We mentioned that the reason why pseudo base stations can exist is GSM single authentication. Although GSM can't provide a two-way authentication mechanism, it can also identify whether a base station is a normal base station through a hardware chip. There are still huge differences between normal base stations and pseudo base stations in many related parameters. Therefore, for example, Huawei Mate 8 mobile phone just launched at present also effectively identifies pseudo base stations through this form. This is also one of the few anti-counterfeiting base station methods with clear mechanism and no invasion of user privacy. In the future, it is also most likely to be promoted as a standard mechanism for smart phones.

Related reading: pseudo base station Baidu Encyclopedia

GSM authentication methods and vulnerabilities

Whether replacing USIM card can solve the problem of pseudo base station.