Belgium Targeted by Smishing via Cellular Routers
Are your home or business routers sending text messages you never authorized? The unsettling reality reported in Belgium shows how attackers are turning everyday cellular-capable routers into weapons for smishing via cellular routers. Security researchers have documented campaigns where compromised Milesight devices were abused to send phishing SMS messages that impersonate banks, parcel services, and government agencies — all to trick recipients into clicking fraudulent links.
How attackers weaponize routers
Cellular routers from vendors such as Milesight often include an SMS gateway function designed for legitimate tasks: administrators can receive alerts, perform remote management, or interface with legacy systems. Those convenience features, however, create an attack surface when devices are left with default passwords, unpatched firmware, or exposed management interfaces. Instead of purchasing compromised phone numbers or renting bulk-SMS services, attackers gain access to the router’s SMS interface and send texts that appear to originate from the local network’s hardware. Because messages come from a local or familiar source, recipients are more likely to trust them — and that trust dramatically increases the effectiveness of smishing.
Smishing via Cellular Routers: why it matters
Smishing is already effective because it pairs the immediacy of SMS with psychological pressure: short messages, perceived urgency, and links that prompt quick action. Smishing via cellular routers escalates the threat by changing the message provenance. Network teams often monitor email gateways and web traffic for malicious behavior, but they rarely look for outbound SMS commands generated by edge devices. Similarly, mobile endpoint protections seldom verify the true origin of an SMS. The result: malicious texts can slip past traditional monitoring and deceive even security-aware users.
Real-world implications and attack patterns
In the Belgian incidents, attackers pushed phishing links to local numbers by abusing router SMS functions. Messages mimicked trusted services and included links to credential-phishing pages or malware-delivery sites. By originating from the victim’s own router hardware, these messages carried an implicit credibility that typical spoofed numbers lack. Attackers also benefit operationally: using routers removes dependency on third-party SMS providers that may be monitored, blocked, or traceable. It enables highly targeted, localized campaigns where the sender appears plausibly legitimate.
Practical steps for device owners and administrators
– Change default credentials immediately: Replace any vendor-supplied usernames and passwords with strong, unique credentials. Consider using passphrases and a password manager.
– Update firmware promptly: Check vendors’ security advisories and apply official firmware updates. If automatic update options are available, enable them carefully after testing.
– Disable unused services: If your router doesn’t need an SMS gateway, turn it off. Disable remote management features unless they are explicitly required and hardened.
– Monitor outbound SMS activity: Network administrators and service providers should log and analyze SMS-sending commands from router fleets, applying rate limits and anomaly detection to flag suspicious patterns.
– Harden access controls: Segregate management interfaces from general user networks, limit access by IP or VPN, and enable multifactor authentication where supported.
– Educate end users: Train staff and household members to treat unexpected texts skeptically, verify links through official channels, and report suspicious messages promptly.
Policy and industry responses
The Belgian incidents highlight a structural problem: many IoT and edge devices ship with features intended for managed deployments but are left enabled and exposed in homes and small businesses. Regulators in the EU are moving toward device-security standards, and upcoming product-security rules encourage secure-by-design practices. However, enforcement, firmware deployment at scale, and the aftermarket burden for small vendors remain challenges. Mobile operators and policymakers could consider measures to trace and block SMS originating from consumer routers, or require stronger authentication for SMS-sending APIs on network devices.
Why this should concern everyone
Adversaries are shifting tactics: rather than relying exclusively on high-profile zero-day exploits, they increasingly exploit misconfigurations and overlooked functions. Using routers as message vectors enables localized, believable social-engineering campaigns that are harder to detect and mitigate. This incident is a reminder that cybersecurity must extend beyond servers and endpoints to the edge devices that bridge networks and mobile users.
Conclusion: stay vigilant about Smishing via Cellular Routers
If a device in your home or office can send SMS on your behalf, ask whether it should. Smishing via cellular routers turns convenience into danger, so vendors, operators, regulators, and users all share responsibility: vendors must design and support secure products, operators should monitor and rate-limit outbound messaging, regulators must set realistic security baselines, and users should apply basic hygiene — change defaults, patch promptly, and disable unnecessary features. Treat unexpected local-looking texts with suspicion and verify through official channels before clicking links.




