That annoying SMS phish you just got may have come from a box like this
Scammers have been exploiting unsecured cellular routers made by China-based Milesight IoT Co., Ltd., typically used in industrial settings, to send SMS phishing messages since 2023. These rugged IoT devices connect various remote industrial devices to central hubs using cellular networks and can be controlled via text message, Python scripts, and web interfaces. Security firm Sekoia discovered over 18,000 vulnerable routers accessible on the Internet, with some having outdated firmware and known vulnerabilities, making them easy targets for abuse. The misuse of these routers highlights the importance of securing IoT devices to prevent such phishing campaigns.
Ars Technica•