Vienna Arrest Reveals SMS Blaster Attack During Eurovision

Austrian authorities arrested a 32-year-old Chinese national in Vienna on May 14 after investigators connected him to a sustained SMS blaster attack that had been running across the city since at least April 6. The operation targeted densely crowded locations, including large public events, among them Eurovision 2026, which was underway in Vienna at the time of his arrest. Millions of fraudulent text messages were sent. He confessed.

How the Attack Worked

An SMS blaster is a portable device that impersonates a legitimate cellular base station. When activated, it forces nearby phones to connect to it by broadcasting a stronger signal than real towers in the area. Once connected, every device within range receives whatever message the operator pushes, no phone numbers required. Carrier filters never see the traffic because the messages bypass the network entirely.

This suspect's device could send up to 100,000 messages per hour. The fraudulent texts impersonated well-known parcel delivery services and mobile network operators — the kind of messages people open without thinking twice.

There is also a secondary consequence that rarely gets attention. While a phone is connected to a rogue blaster, it loses access to calls, SMS, and mobile data on the legitimate network. That includes emergency services. Investigators noted that the devices carry a significant radiation risk as well, a detail that became relevant when authorities found the suspect's six-month-old son in the car at the time of arrest. He now faces charges of attempted commercial fraud alongside endangering the physical safety of his child.

Weeks of Activity Before the Arrest

Investigators from the Vienna State Criminal Investigation Office, working alongside a mobile network operator, detected the suspicious pattern and traced it back to at least April 6. The operation was not a one-day event. Devices were active for hours at a stretch, sometimes returning to the same locations multiple times in a single day. The targets were deliberate: high foot traffic, large gatherings, densely packed public spaces.

Eurovision 2026, held in Vienna and drawing a global broadcast audience of over 166 million, created exactly the kind of environment this attack was built for. Tens of thousands of international visitors, phones in hand, connected to unfamiliar networks, concentrated in and around a single venue over multiple weeks.

On May 14 at 3:47 PM, the elite Cobra special unit stopped the suspect's vehicle and arrested him. Inside the car, investigators seized one SMS blaster along with additional equipment. A house search later turned up a second blaster, two laptops, ten mobile phones, two tablets, batteries, voltage converters, and further technical accessories. The suspect confessed during questioning and was remanded in custody by order of the Vienna Public Prosecutor's Office.

A Wider Security Picture

The SMS blaster arrest was not the only threat Austrian authorities had to contend with during the contest. Police recorded approximately 500 attempted cyberattacks targeting Eurovision 2026 infrastructure, including the official Eurovision website and access control systems at the venue. All were thwarted. Around 3,500 Austrian police officers were deployed during the final week, supported by special units from Bavaria.

The Vienna case fits a pattern that has been accelerating globally. In the UK, a man was jailed for over a year after driving an SMS blaster around London for several days in March 2025, reaching tens of thousands of potential victims. Canadian authorities later arrested three men whose device caused an estimated 13 million network entrapment incidents across the Greater Toronto Area, with 44 charges filed. Arrests have also been recorded in Switzerland, Taiwan, and Thailand.

The devices are relatively low-cost, portable enough to fit in a backpack or car boot, and, in many countries, still legal to purchase. That combination has made them an attractive tool for organised criminal networks running smishing operations at scale.

What Makes Large Events a Prime Target

SMS blasters have always performed best in crowds. The technology was originally developed for law enforcement as a signals intelligence tool, and its effectiveness scales directly with the density of devices in range. A device broadcasting in a quiet suburb reaches a fraction of what the same device achieves outside a concert hall or sports venue.

Major international events concentrate exactly the conditions attackers want: large numbers of people, many of them tourists or visitors unfamiliar with local scam patterns, all carrying phones and many expecting legitimate notifications about travel, transport, or event logistics. A message claiming a parcel is awaiting delivery, or that a mobile account needs verification, lands with far more credibility when someone is travelling and actively managing logistics.

That is not a theoretical risk. It is the attack that just ran in Vienna for six weeks.

Protecting Yourself Against Smishing

The most reliable defence against SMS blaster attacks is to treat every unsolicited text as suspect, regardless of how convincing the sender name looks. Blaster messages can spoof trusted brand names completely, so the appearance of a message is no guide to its legitimacy.

On Android devices, disabling 2G connectivity removes the most common attack vector, since many SMS blasters exploit 2G protocol weaknesses to force connections. This does not cover all configurations, more advanced setups can target LTE networks, but it closes the most widely used entry point.

Beyond that, the rule is straightforward: never click links in SMS messages. If a parcel service or bank needs your attention, go directly to their official website or app. SMS should be treated as an insecure channel for anything involving credentials, payments, or personal data.