Hi Ty,
On Tue, Feb 07, 2012 at 03:18:46PM +0300, ty wrote:
I work for one of the leading mcommerce providers in
the country as a
security analyst and from the architectures, yes all the transactions take
place via secure channels. However, my concern has always been after the
transaction leaves the application and is handed over to the USSD gateway
for the MNO, is it possible at an SS7 layer to intercept the said traffic?
There is nothing specific to USSD here. It's a MAP transaction,
encapsulated in TCAP+SCCP+MTP3 or any of the SIGTRAN variants. So the
question is basically a general question on SS7/SCCP security, and thus
off-topic on this list, which is about OsmocomBB baseband development
and not core network technology.
I haven't seen any research into how USSD can be
intercepted OTA just like
GSM voice calls have been intercepted.
USSD is transported on a signallign channel like SMS or call control.
Thre is no difference in terms of intercepting or MITM from voice/SMS.
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org>
http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)