This is merely a historical archive of years 2008-2021, before the migration to mailman3.
A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/baseband-devel@lists.osmocom.org/.
Harald Welte laforge at gnumonks.orgHi!
On Tue, Feb 07, 2012 at 01:05:04PM +0300, ty wrote:
> specifically Kenya, there is a proliferation of financial services over
> USSD and this begs the question just how secure is it? If anyone on the
> list might have done a bit of digging around I'd really love to share
> learnings and insights.
Typically those mobile payment applications are SIM application toolkit
based and the SIM card uses encrypted SMS to talk to the back-end
server. So assuming that the crypto was done properly, there's nothing
wrong with such an architecture.
There are some services that use USSD, but then you can only transfer
between accounts that you have previously authorized to be used this way
using a more secure transport channel. Typically people list only their
own account to transfer between prepaid and bank account this way, so
the fraud potential seems limited.
Regards,
Harald
--
- Harald Welte <laforge at gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)