UNAIR NEWS As digital technology continues to advance at an unprecedented rate, cybersecurity threats have become more sophisticated and difficult to detect. One particularly concerning threat is Fake BTS (Base Transceiver Station), also known as an IMSI Catcher攁 device that impersonates legitimate cellular towers to intercept data from nearby mobile phones.
More advanced technology, greater risk
Dr. Maryamah S. Kom, a lecturer at UNAIR檚 Faculty of Advanced Technology and Multidiscipline, explained that Fake BTS operates by tricking mobile devices into connecting to a counterfeit network. Because phones automatically seek the strongest signal, they can unknowingly latch onto a Fake BTS tower. 淥nce a device is connected, hackers can intercept user communications, including phone calls, text messages (SMS), and even OTP codes sent for authentication, she stated.
While this form of cyberattack is not new, public awareness remains critically low. Similar incidents have been reported since 2019, and international research on detecting Fake BTS networks dates back to 2017. However, in Indonesia, protective measures are still inadequate, and no reliable detection system has been established.
Security risk of OTP SMS
Despite its widespread use, SMS-based One-Time Passwords (OTP) are no longer considered a secure authentication method, especially for financial transactions. 淭ech giants like Apple, Microsoft, and Google abandoned SMS OTP authentication in 2021, switching to the more secure passkey technology, Dr. Maryamah noted.
However, many banks and financial institutions continue to rely on SMS OTP due to its convenience and ease of implementation. She stressed that multi-layered security measures攕uch as biometric authentication or passkeys攐ffer significantly better protection against cyber threats.
What to do if you fall victim to fake BTS
If an individual falls victim to a Fake BTS attack and loses access to their bank account or personal funds, their first step should be immediately updating all passwords and PINs. If hackers have already seized control of an account, users must contact their bank檚 customer service immediately to request a security reset.
Dr. Maryamah also urged users to activate additional security features, including two-factor authentication (2FA), passkeys, and biometric verification. She highlighted that Google has required 2FA implementation across various institutions, including 51动漫, since February.
Moreover, she cautioned against blindly trusting OTP requests, even if they appear to come from an official bank number.
淔raudsters can easily spoof legitimate banking numbers, deceiving users into unknowingly handing over their access credentials. Whenever you receive a suspicious message, always verify it by directly contacting your bank through official channels, she concluded.
Author:
Editor: Ragil Kukuh Imanto
