Leadership
Cybercrime
Nation-state
Influence Operations
Technology
Cyber Daily®
Click Here Podcast
✉️ Free Newsletter
Canadian police have arrested three men in what authorities describe as the country’s first known criminal case involving the use of a mobile “SMS blaster,” a device capable of impersonating a cellular tower to send mass phishing messages and disrupt mobile networks.
The Toronto Police Service said Thursday the investigation began last November after authorities were alerted to a suspicious device operating in downtown Toronto. Over the following months, police tracked the device moving through several locations across the Greater Toronto Area.
Two suspects were arrested in March and authorities seized a large amount of electronic equipment, including several mobile SMS blasters. A third man turned himself in to police earlier this week.
During the operation of the blaster, tens of thousands of mobile phones are believed to have connected to the rogue system, according to police.
Authorities recorded more than 13 million network disruptions linked to the devices. These disruptions could temporarily prevent phones from connecting to legitimate cellular networks, potentially limiting access to emergency services such as 911 for periods ranging from a few seconds to several minutes.
“This is a new and emerging threat in Canada — one that uses advanced technology to reach thousands of people at once and exploit their trust,” Deputy Chief Robert Johnson said in a statement.
“What makes this particularly concerning is the scale and impact. This wasn’t targeting a single individual or business. It had the ability to reach thousands of devices at once.”
SMS blasters operate by mimicking legitimate cellular base stations, effectively tricking nearby phones into connecting to them instead of official mobile networks.
Once a phone connects, attackers can send text messages that appear to originate from trusted organizations such as banks or government agencies. The messages typically contain links directing victims to fraudulent websites designed to steal sensitive information such as banking credentials or passwords — a tactic widely known as “smishing,” or SMS phishing.
Because the device acts as a rogue cellular tower, nearby phones may temporarily lose their connection to legitimate networks while attached to the system.
Similar attacks have been reported in several countries, including Greece, Thailand, Indonesia, Qatar, and the United Kingdom, often involving fake base stations hidden inside vehicles and driven through densely populated areas.
In one case last year, Thai police arrested two suspects who admitted they had been hired by a Chinese handler to broadcast thousands of phishing messages per day using telecom equipment hidden in a car. A Chinese student in London was sentenced in June to more than a year in prison for operating a similar system while driving through the city.
Canadian police did not disclose the suspects’ identities or specify whether victims suffered financial losses. The investigation remains ongoing.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
Privacy
About
Contact Us
© Copyright 2026 | The Record from Recorded Future News

source