A broken system of online authentication is being exploited by criminals, forcing cyber security firms to develop new solutions to secure user identities and data.
Sophisticated techniques to snare unsuspecting online shoppers into parting with sensitive personal information have moved on from standard phishing emails and messages.
Criminal gangs have now turned to setting up shadow cellular networks to trick victims into replying to fake bank messages and demands.
The latest rogue techniques were exposed in a recent investigation by Dubai authorities. An elaborate scheme hijacked mobile phone signals to send out dummy banking alerts to wealthy victims in Dubai Marina and the Palm Jumeirah.
A gang of three Asian men were recently jailed for six months, after police traced copycat mobile transmissions to a vehicle on The Palm.
It is a major criminal offence to deploy the techniques used, although the equipment required is generally available as it can also be used for research purposes, experts said.
A 5G stack is a software-based system that manages regular data transmission and signal processing between users.
Criminal gangs can run a parallel network by jamming the legitimate 5G frequencies used by operators such as Etisalat or Du, using an IMSI catcher or SMS blaster.
Backpacks

The illegal devices mimic a cellular base station to send mass, unsolicited text messages to mobile phones within a 2,000-metre radius.
Devices are often hidden in backpacks or vehicles, to exploit older, more vulnerable 2G networks that bypass in-built spam filters, without needing recipient phone numbers.
“The challenge for these threat actors isn't the technology – it's the physics of signal dominance,” said Agam Chaudhary, chief executive of Two99, a consortium of agencies that help protect businesses around the world from malicious online threats.
“By executing a signal downgrade attack, this forces nearby mobile devices to failover to 2G [GSM], a legacy protocol from the 90s that lacks mutual authentication. The phone trusts the tower, but the tower doesn’t have to prove it’s legitimate. The hardware stack is dangerously simple.”
To generate the dummy network, criminals typically use a standard laptop running open source telecom stacks that combine hardware and software to share data and manage communication protocols.
When a radio transmitter is added alongside a high-gain antenna, criminals can overpower local legitimate cell towers.
Unlike some regions where the practice is treated as a nuisance, the GCC views unauthorised spectrum usage as a national security threat and has taken a zero-tolerance approach.
Under UAE telecoms law and recent cybercrime amendments, operating a fake base station is a non-bailable offence. Penalties include imprisonment of up to five years and fines ranging from Dh500,000 to Dh2 million.
Invisible attack
For the consumer, an attack is often invisible as it happens at the baseband level, below the operating system.
Mr Chaudhary said mobile users can engage a kill-switch inside a mobile device that prevents attacks happening.
“If you are in a high tech corridor like Downtown Dubai or Riyadh’s KAFD, areas with saturation 5G coverage, and your phone suddenly drops to '2G' or 'E', you are likely under attack,” he said. “The kill switch we advise all high-value targets is to strictly disable 2G on their devices.”
On Android devices, this means forcing LTE/5G only via developer settings. If the phone refuses to speak 2G, the blaster is unable to catch it.
Users can further protect themselves by moving communications to encrypted channels such as Signal or WhatsApp, as SMS is now considered an insecure protocol.
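The warning sign described above, a sudden drop from 4G/5G to 2G followed by a text message, can be checked automatically. The sketch below is an added example, not code from the article or from anyone quoted in it; the log format, the event names and the two-minute window are assumptions made for illustration, and the sample log is constructed.

```python
from datetime import datetime, timedelta

LEGACY = {"GSM", "EDGE"}   # shown as "2G" or "E" on the status bar
MODERN = {"LTE", "NR"}     # 4G and 5G

# Constructed sample telemetry, one event per line: "<ISO time> <event> <detail>"
SAMPLE_LOG = """\
2026-01-10T18:02:11 RAT NR
2026-01-10T18:05:40 RAT EDGE
2026-01-10T18:05:52 SMS sender=MYBANK
2026-01-10T18:06:30 RAT NR
2026-01-10T19:40:03 SMS sender=COURIER
2026-01-11T07:15:00 RAT LTE
2026-01-11T07:55:20 RAT GSM
2026-01-11T08:30:00 RAT LTE
"""

def parse(log):
    """Yield (timestamp, event kind, detail) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, kind, detail = line.split(maxsplit=2)
            yield datetime.fromisoformat(ts), kind, detail

def suspicious_sms(log, window=timedelta(minutes=2)):
    """Return SMS events received on 2G shortly after a drop from 4G/5G."""
    alerts, current, downgrade_at = [], None, None
    for ts, kind, detail in parse(log):
        if kind == "RAT":
            if detail in LEGACY and current in MODERN:
                downgrade_at = ts        # forced or natural fall back to 2G
            elif detail in MODERN:
                downgrade_at = None      # back on a mutually authenticated network
            current = detail
        elif kind == "SMS" and current in LEGACY and downgrade_at is not None:
            # An SMS long after the drop is more likely plain poor coverage.
            if ts - downgrade_at <= window:
                alerts.append((ts.isoformat(), detail, current))
    return alerts

if __name__ == "__main__":
    for alert in suspicious_sms(SAMPLE_LOG):
        print("possible SMS blaster:", alert)
```

A downgrade with no message, or a message that arrives while the phone is on 4G/5G, is not flagged; only the combination the article describes is.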
“The takeaway is simple: we are no longer securing connections; we are securing identity,” said Mr Chaudhary. “The legacy trust model is fundamentally broken, we cannot patch our way out of this with better firewalls or longer one time passwords.
“The sheer computer power available to bad actors means the cat and mouse game is over; the game itself has changed.”
Most at risk
Organisations that rely on 1990s-era telecom protocols to secure online data are likely to be most vulnerable to cyber attacks.
In a 2026 threat landscape set to be dominated by artificial intelligence, older systems are not just vulnerable, but already compromised.
Recent findings from the Google Threat Intelligence Group identified several state sponsored actors and criminal groups from China, Iran, North Korea and Russia that looked to exploit weaknesses in online security across the world.
Google’s intelligence division said threats targeted defence companies using battlefield technologies in the Russia-Ukraine war, as well as disrupting supply chain sectors and manufacturing.
“Over the last few months, Google Threat Intelligence Group has observed threat actors using AI to gather information, create super-realistic phishing scams and develop malware,” the company said.
“While we haven’t observed direct attacks on frontier models or generative AI products from advanced persistent threat [APT] actors, we have seen and mitigated frequent model extraction attacks [a type of corporate espionage] from private sector entities all over the world – a threat other businesses with AI models will likely face in the near future.”



