Google has highlighted a security lapse on Samsung’s Android devices. Galaxy phones and tablets lack a fundamental feature to disable 2G networks in some regions, leaving them vulnerable to cell-site simulators, which are radio devices used for network-based security attacks. Android OS has offered this ability since Android 12 but Samsung hasn’t yet implemented it on its products globally.
Galaxy phones cannot disable 2G networks, and that’s a security flaw
Cell-site simulators, also known as False Base Stations (FBS) or Stingrays, are radio devices that can simulate real cell sites. Fraudsters and scammers use these devices to trick nearby devices into connecting to fake 4G/5G cellular networks controlled by them. Once connected, they force the devices to 2G networks that aren’t as secure as newer network standards. 2G networks lack many crucial security features offered by 4G/5G networks.
Criminals leverage these security shortcomings to compromise those devices. As Google explains, 2G networks lack the mutual authentication security measure, allowing the attackers to force connections to be unencrypted. They inject spam into the devices for more devastating attacks. They can surveil the devices connected to their fake networks, intercept their communications, disseminate malware, and execute financial fraud.
These types of security attacks can compromise any device that supports 2G networks, regardless of whether your carrier offers 2G services. Thankfully, Android 12 and newer versions have a built-in tool to disable 2G networks at the modem level. Once disabled, your Android phone cannot connect to 2G networks, keeping it safe from cell-site simulators. Attackers may trick it into connecting to their fake 4G/5G networks but can’t force it to 2G.
Since 4G/5G networks are available almost everywhere, disabling 2G should not harm you. If required, you can enable 2G temporarily and disable it right after you are done. Unfortunately, Samsung devices do not offer this function in globally—the option is available in some countries. Flagship models like the Galaxy S24 Ultra also lack this fundamental tool. The device can be forced to 2G-only mode but you cannot disable 2G.
As such, Galaxy users are at risk of security attacks based on cell-site simulators. Hopefully, Samsung is taking note and will address this security lapse sooner rather than later. Since the function is already available in some regions, it shouldn’t be a big ask. You can go to Settings > Connections > Mobile networks to check if you have the option to disable 2G networks. If you do, it’s safer to block 2G services and only allow them when required.
