Hello all.
I have been playing around with OsmocomBB for GSM voice traffic and capture. My interest has now stemmed into USSD traffic. Whenever I initiate a USSD session, I get the error "Session Terminated". Has anyone attempted to capture USSD sessions using the Motorola C123, or do I need specialized equipment for this?
Also, I am looking into researching USSD more because here in Africa, specifically Kenya, there is a proliferation of financial services over USSD, and this begs the question: just how secure is it? If anyone on the list might have done a bit of digging around, I'd really love to share learnings and insights.
-ty
Hi!
On Tue, Feb 07, 2012 at 01:05:04PM +0300, ty wrote:
> specifically Kenya, there is a proliferation of financial services over USSD and this begs the question just how secure is it? If anyone on the list might have done a bit of digging around I'd really love to share learnings and insights.
Typically those mobile payment applications are SIM application toolkit based and the SIM card uses encrypted SMS to talk to the back-end server. So assuming that the crypto was done properly, there's nothing wrong with such an architecture.
There are some services that use USSD, but then you can only transfer between accounts that you have previously authorized to be used this way using a more secure transport channel. Typically people list only their own account to transfer between prepaid and bank account this way, so the fraud potential seems limited.
Regards, Harald
Thanks for your insight Harald.
I work for one of the leading mcommerce providers in the country as a security analyst and, from the architectures, yes, all the transactions take place via secure channels. However, my concern has always been: after the transaction leaves the application and is handed over to the USSD gateway for the MNO, is it possible at an SS7 layer to intercept the said traffic?
I haven't seen any research into how USSD can be intercepted OTA just like GSM voice calls have been intercepted.
Your thoughts are highly appreciated.
-ty
On Tue, Feb 7, 2012 at 3:11 PM, Harald Welte laforge@gnumonks.org wrote:
> Hi!
> On Tue, Feb 07, 2012 at 01:05:04PM +0300, ty wrote:
> > specifically Kenya, there is a proliferation of financial services over USSD and this begs the question just how secure is it? If anyone on the list might have done a bit of digging around I'd really love to share learnings and insights.
> Typically those mobile payment applications are SIM application toolkit based and the SIM card uses encrypted SMS to talk to the back-end server. So assuming that the crypto was done properly, there's nothing wrong with such an architecture.
> There are some services that use USSD, but then you can only transfer between accounts that you have previously authorized to be used this way using a more secure transport channel. Typically people list only their own account to transfer between prepaid and bank account this way, so the fraud potential seems limited.
> Regards, Harald
> --
> - Harald Welte laforge@gnumonks.org
> ============================================================================
> "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)
Hi Ty,
On Tue, Feb 07, 2012 at 03:18:46PM +0300, ty wrote:
> I work for one of the leading mcommerce providers in the country as a security analyst and from the architectures, yes all the transactions take place via secure channels. However, my concern has always been after the transaction leaves the application and is handed over to the USSD gateway for the MNO, is it possible at an SS7 layer to intercept the said traffic?
There is nothing specific to USSD here. It's a MAP transaction, encapsulated in TCAP+SCCP+MTP3 or any of the SIGTRAN variants. So the question is basically a general question on SS7/SCCP security, and thus off-topic on this list, which is about OsmocomBB baseband development and not core network technology.
> I haven't seen any research into how USSD can be intercepted OTA just like GSM voice calls have been intercepted.
USSD is transported on a signalling channel like SMS or call control. There is no difference in terms of intercepting or MITM from voice/SMS.
Regards, Harald
baseband-devel@lists.osmocom.org