Canada’s First SMS Blaster Bust: Three Arrested in Toronto for Smishing Fraud That Blocked 911 Calls

What Happened

Toronto police concluded Project Lighthouse — Canada’s first criminal investigation into SMS blaster devices — with three arrests and 44 combined charges. Authorities seized multiple SMS blasters from suspects linked to addresses in Hamilton and Markham: 27-year-old Dafeng Lin, 25-year-old Junmin Shi, and 21-year-old Weitong Hu. Charges include fraud and mischief endangering life.

SMS blasters are portable devices engineered to impersonate legitimate cell towers. When activated, nearby phones connect to the rogue tower rather than the carrier network. The suspects drove the devices through the Greater Toronto Area, silently pulling phones off legitimate networks, then blasting fraudulent text messages containing links to credential-harvesting sites. During the operation, investigators recorded 13 million network disruptions — meaning for measurable periods, affected devices lost connection to genuine carrier infrastructure.

The investigation began in November 2025 after a cybersecurity partner alerted Toronto Police Service to a suspected blaster operating in downtown Toronto. Search warrants were executed in Hamilton and Markham in March 2026 before the final arrest this week. Source: CBC News

Why This Matters for Canadian Organizations

Project Lighthouse marks the first confirmed SMS blaster operation in Canadian history, and its implications extend well beyond the three men charged. The technology itself — commercially available in some jurisdictions and trivially deployable — is new to Canada’s threat environment. Security teams across the country now face a credible physical-layer smishing threat they had not previously needed to model.

Beyond credential theft, the 911 disruption angle is the most alarming element of this case. SMS blasters that pull devices off legitimate networks do not selectively target fraudsters’ victims — they affect every phone in range, including people trying to reach emergency services. This makes SMS blasters a public safety threat as well as a financial fraud tool. The mischief endangering life charges reflect this dual character.

Canadian retail, financial services, and government organizations whose employees receive SMS-based MFA codes or corporate communications are directly in scope. An SMS blaster operating in a business district or near a corporate campus creates an environment where employees receiving spoofed texts appear to be receiving carrier-delivered messages, not web-based phishing. Standard user education about “phishing links” does not prepare staff for a scenario where the text arrives through the cellular network itself.

For telecommunications providers, this incident signals that IMSI-catcher and rogue base station detection — technology used primarily by national security agencies — needs to become part of the broader threat detection posture. TELUS, Rogers, and Bell, which faced their own major incidents in 2025 and 2026, should treat SMS blaster detection as an urgent capability gap.

What to Do

Security teams should review their SMS-based authentication dependencies immediately. Move high-value accounts away from SMS MFA toward hardware security keys or authenticator apps, which are immune to cellular-layer interception. Educate employees that smishing attacks delivered via SMS are indistinguishable from legitimate texts at the device level when an SMS blaster is in use — the message appears to come from the carrier, not from the web.

Organizations with physical premises in high-density urban areas should work with their telecommunications providers to understand baseline coverage patterns and flag anomalous network disruptions. Any unexplained mass drop in cellular connectivity near a facility warrants reporting to the Canadian Centre for Cyber Security (CCCS) and the carrier.

The CCCS has not yet issued a specific advisory on SMS blasters, but organizations aligning with CCCS guidance on phishing resistance should treat this case as a signal to accelerate the move to phishing-resistant MFA across all sensitive systems.