Toronto police have arrested three men in connection with Canada’s first known criminal case involving a mobile “SMS blaster,” according to therecord.media.
The device, which mimics a legitimate cellular tower, allows attackers to send mass phishing messages and disrupt mobile networks. Authorities began investigating the matter last November after detecting a suspicious device operating in downtown Toronto.
Over several months, investigators tracked the device as it moved through various locations across the Greater Toronto Area. Two suspects were arrested in March, during which police seized a large amount of electronic equipment, including multiple SMS blasters. A third man turned himself in to police earlier this week, the outlet reported.
Mass network disruption
During the operation of the blasters, tens of thousands of mobile phones are believed to have connected to the rogue system. Police recorded more than 13 million network disruptions linked to the devices.
These disruptions can prevent phones from connecting to legitimate cellular networks. This includes potential outages for emergency services like 911, lasting from a few seconds to several minutes.
“This is a new and emerging threat in Canada — one that uses advanced technology to reach thousands of people at once and exploit their trust,” Deputy Chief Robert Johnson said in a statement.
“What makes this particularly concerning is the scale and impact. This wasn’t targeting a single individual or business. It had the ability to reach thousands of devices at once,” Johnson added.
SMS blasters operate by tricking nearby phones into connecting to them instead of official mobile networks. Once connected, attackers can send text messages appearing to come from trusted organizations like banks or government agencies.
These messages often contain links to fraudulent websites designed to steal banking credentials or passwords, a tactic known as “smishing.” Because the device acts as a rogue tower, users may temporarily lose access to legitimate cellular service while attached to the system.
Similar attacks have been documented internationally, including in Greece, Thailand, Indonesia, Qatar, and the United Kingdom. In some instances, fake base stations are hidden inside vehicles and driven through populated areas.
Last year, Thai police arrested two suspects who admitted to broadcasting thousands of phishing messages per day using equipment hidden in a car. In London, a Chinese student was sentenced to over a year in prison in June for operating a similar system while driving through the city.
Canadian police have not released the identities of the suspects or confirmed if any victims suffered financial losses. The investigation is ongoing, therecord.media reported.
