USSD Traffic analysis
laforge at gnumonks.org
Tue Feb 7 15:14:04 UTC 2012
On Tue, Feb 07, 2012 at 03:18:46PM +0300, ty wrote:
> I work for one of the leading mcommerce providers in the country as a
> security analyst and from the architectures, yes all the transactions take
> place via secure channels. However, my concern has always been after the
> transaction leaves the application and is handed over to the USSD gateway
> for the MNO, is it possible at an SS7 layer to intercept the said traffic?
There is nothing specific to USSD here. It's a MAP transaction,
encapsulated in TCAP+SCCP+MTP3 or any of the SIGTRAN variants. So the
question is basically a general question on SS7/SCCP security, and thus
off-topic on this list, which is about OsmocomBB baseband development
and not core network technology.
> I haven't seen any research into how USSD can be intercepted OTA just like
> GSM voice calls have been intercepted.
USSD is transported on a signallign channel like SMS or call control.
Thre is no difference in terms of intercepting or MITM from voice/SMS.
- Harald Welte <laforge at gnumonks.org> http://laforge.gnumonks.org/
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
More information about the baseband-devel