Toronto Police Catch Criminals Using Fake Cell Phone Towers to Steal Data

Toronto Police have arrested three people in connection with the first known SMS blaster operation in Canada. The investigation, called Project Lighthouse, resulted in two arrests last month and one more this week, according to Data Center Dynamics.

The arrests involve the alleged use of a device that mimics legitimate cell phone towers. This device tricks nearby phones into connecting to it instead of real towers, giving criminals the ability to intercept text messages, send fake messages that look legitimate, and block phones from reaching the actual network — including emergency calls to 911.

How These Fake Towers Work

Think of it like setting up a counterfeit checkpoint on a highway. Your car automatically heads toward what looks like an official exit, not knowing it's fake. Once the car takes that exit, the operator controls what happens next.

SMS blaster devices broadcast cell phone signals that are stronger than real towers nearby. Your phone automatically connects to the strongest signal it can find, which is how these devices trick phones into linking up with them. Once connected, criminals can intercept your text messages, send fake ones in your name, or block you from using your phone entirely.

The damage depends on where the device is placed and how powerful it is. In a crowded city area, a single device could affect hundreds or thousands of people in just a few hours.

How Many People Were Affected

Initial reports suggest the Toronto operation affected a large number of people. Global News reported that the cyberattack impacted 13 million people. This number likely includes people with multiple devices — smartphones, tablets, smartwatches — that all connected to the fake tower.

The broader concern here is that this attack works differently from the scams most people are familiar with. Unlike phishing emails or malware, which rely on you clicking something or downloading something, SMS blaster attacks don't need your help. They exploit how cell phone networks are designed to work.

Why This Is Hard to Stop

Detecting these fake towers is surprisingly difficult. Unlike a virus that leaves traces in your phone or computer, a rogue tower operates on its own, separate from the legitimate network. Phone companies use special monitoring equipment to detect these devices, but criminals can move the equipment quickly or use settings that evade detection.

For most people and organizations, there's almost nothing you can do to protect yourself once one of these devices is active in your area. Your phone automatically connects before you even know what's happening, and standard security software can't stop it because the attack happens at the level of how your phone connects to the network.

What Happens Next

The Toronto arrests are significant because they set a precedent in Canada for how law enforcement will handle these attacks. The fact that police built an investigation around this suggests they've developed the technical expertise to detect and pursue these cases.

However, the fundamental problem remains. Cell phone networks were built to prioritize staying connected over security. That design choice made sense twenty years ago, but it creates vulnerabilities that are hard to fix completely.

For organizations that depend on cell phones for critical work — hospitals, emergency services, utilities — this case raises a real question: what happens if your main way of communicating gets cut off. It's worth thinking about backup systems that don't rely only on regular cell networks. As this technology evolves, so will the ways people try to exploit it.