A growing number of security vulnerabilities in the 2G network have been exploited by hackers and cybercriminals in recent years.

Mobile device users in Vietnam have been warned about crimes such as fraudulent SMS messages and fake messages from authorities.

Despite the many risks and potential threats related to security vulnerabilities in the 2G network, Vietnamese telecom operators do not seem to have an effective solution to them, resulting in more people falling victim to cybercriminals.

So many risks

On March 20, Hoang Thien, a resident of Thu Duc City under Ho Chi Minh City, received a fraud message telling him that the balance of his bank account had just been changed and asking him to click a link to confirm.

“I have received many fake messages that look like they are coming from my bank. I can’t remember how many of them I have received,” Thien said angrily.

Many others have been bothered by similar messages.

Inspectors from the Vietnamese Ministry of Information and Communications discovered on March 18 that three suspects had installed an illegal Base Transceiver Station (BTS) in Ho Chi Minh City. A BTS is a fixed radio transmitter in a mobile network used to connect mobile devices to the network.

The suspects told inspectors that they sourced the BTS from the Chinese to install in some places in Tan Binh District and District 12, Ho Chi Minh City to spread scam messages.

Local authorities said the illegal devices might pose various dangers to users in the city.

These include radio frequency interference, which in turn affects the services of telecom operators and also end users.

In addition, such BTS units can enable cybercriminals to spread up to 80,000 messages per day on average, fake messages from government agencies, banks, or individuals to pursue fraud goals, and send out texts to incite violence or gambling.

At the beginning of 2021, reports surfaced of many text messages sent by an illegal BTS without using the official services of mobile operators in Vietnam.

The scam texts were often altered to look like they came from authentic sources in order to deceive recipients.

They also have a popular form with advertisements and directives that contain a link to a fake website to trick readers into clicking.

Once they have clicked on the link, their personal information, including sensitive data such as financial records, ID/passport numbers, phone numbers or emails, or one-time passwords for banking, were easily compromised.

Criminals took advantage of some architectural vulnerabilities in previous wireless network technologies, which include 2G, and the illegal BTS to stage such scams, according to the Vietnam Information Security Agency.

A man holds two mobile devices in his hands, with a distant cell tower in the background. Photo: Tu Trung - Tuoi Tre

A man holds two mobile devices in his hands, with a distant cell tower in the background in Ho Chi Minh City. Photo: Tu Trung / Tuoi Tre

So many potential threats

In fact, most of these scam messages were sent over the 2G network, which was developed many years ago, a technical engineer told Tuoi Tre (Youth) newspaper.

The majority of the mobile devices used in Vietnam currently still support 2G, including the most advanced ones.

“Due to the simple characteristics of the 2G network when logging in and connecting, all mobile devices that support this network can access any fake BTS easily,” he said.

“Therefore, cybercriminals mostly use this type of network to send scam messages.”

Security experts and companies around the world have been warning about the risks and potential threats posed by 2G network technology for years.

They said the network is now outdated and riddled with security vulnerabilities that can be abused by criminals.

Much of the problem lies in the underlying Signaling System No. 7 (SS7) protocol used to exchange signaling messages on 2G (and 3G) networks.

SS7 was developed years ago and has some specific loopholes that make it susceptible to a variety of threats and attacks, including eavesdropping, SMS interception, and fraud.

Apart from these vulnerabilities, cybercriminals can also gain access to SS7 networks via the dark web.

Users in Vietnam are sometimes annoyed by the high bills when they mistakenly use a Greedy Perimeter Stateless Routing connection over the 2G network in their mobile devices.

While many mobile operators are moving to next-generation networks, the existing 2G mode may become an obstacle.

So it is necessary to retire 2G networks as soon as possible.

Why cannot 2G be shut down quickly?

According to information obtained by from Tuoi Tre, Vietnam’s Ministry of Information and Communications planned to close down the 2G network by 2023 or even in 2022 in order to promote the growth of the newer 4G and 5G networks.

To this end, one of the most necessary and important tasks is to reduce the number of 2G mobile device users.

The ministry ordered a ban on the import of this type of mobile device to Vietnam from July 1, 2021, and asked mobile device manufacturers to produce low-priced smartphones to gradually replace 2G devices.

The Ministry of Information and Communications set a 2022 target to promote the use of modern smartphones and phase out old mobile technologies.

It hopes to reduce the proportion of 2G mobile device users to five percent by December 2022.

Despite this plan, a senior executive of a mobile operator told Tuoi Tre that he had not heard of the scheme to cease 2G networks.

It is likely that the plan will not be implemented this year after all.

2G has been abandoned in many countries around the world, especially in Asian countries. Japan, for example, stopped 2G networks in 2011.

In Singapore, three major mobile operators M1, Singtel, and StarHub eliminated 2G in 2017.

In China, telecommunications provider China Unicom also announced plans to halt 2G technology last December.

How are people duped with 2G even though they use 3G?

Although 3G and 4G wireless networks are popular in many cities right now, cybercriminals use tricks to automatically switch many mobile devices to a lower network technology like 2G to compromise them.

Usually, most smartphones are designed to accept wireless networks in order from high to low for connection, so they prefer 4G, 3G, and then 2G.

Criminals use an electronic device to create a radio frequency interference of 3G and 4G networks, which makes the devices connect to the nearest BTS to maintain a connection.

At the same time, a fraudulent BTS is available and ready to link to the victims’ devices.

Once the devices are connected, the hackers can do whatever they want.

Like us on Facebook or follow us on Twitter to get the latest news about Vietnam!