Abstract

USSD stands for Unstructured Supplementary Service Data and is a session based GSM protocol unlike SMS or MMS. Typically it is used to send messages between a mobile phone and an application server in the network. Nowadays there are multiple services based on USSD, such as mobile banking, social networking (facebook, twitter), updating mobile software over-the-air, prepaid recharge/account balance info etc.

In this talk, I will be discussing USSD vulnerability in Android phones, especially remote wipe issues in Samsung phones and extends further dirty usage of such USSD codes. Further, I will talk about how to play with USSD codes in iOS, windows mobile environment using various platforms/tools.