Hackers of India

Dirty use of USSD Codes in Cellular Network

 Ravishankar Borgaonkar 


Presentation Material


USSD stands for Unstructured Supplementary Service Data and is a session based GSM protocol unlike SMS or MMS. Typically it is used to send messages between a mobile phone and an application server in the network. Nowadays there are multiple services based on USSD, such as mobile banking, social networking (facebook, twitter), updating mobile software over-the-air, prepaid recharge/account balance info etc. In this talk, I will discuss how to play with USSD codes using different tools and exploit different services based on it. In addition, critical security issues in USSD based services such as virtual money transfer/mobile banking and social networking will be discussed. At last, I would discuss what exactly does ‘dirty use of’ means.