Is USSD safe or not?

I have a question about USSD and security on this channel.

As you know, mobile banking and many payments today use USSD. I want to know whether USSD is safe.

If USSD transactions use A5/1 for encryption, then it was completely broken a few years ago, and they can now be captured with a USRP (or a HackRF board) and decoded using rainbow tables created for A5/1.

I think these transactions are not very secure, but I want to learn more about this protocol and the encryption these transactions use. I don't know whether USSD codes are encoded using A5/1 or GSM-7 ... so my questions are:

  • What encryption is used for USSD transactions? Does USSD use GSM voice encryption (A5/1), GSM-7, or something else?
  • How can we make USSD safe? Can we add additional transaction encryption, or what do you think about protecting USSD codes and transactions?

Thanks to everyone.

+6
1 answer

In general, in mobile networks (in this case GSM), there are two levels of security:

  • AirInterface Security
  • Basic Network Security

For AirInterface (the radio interface between MS and BTS), it can be encrypted or unencrypted (depending on the network setting).

https://en.wikipedia.org/wiki/A5/1 https://en.wikipedia.org/wiki/A5/2 

As you can see, modern encryption methods are very weak, especially for financial transactions (compare with acceptable encryption methods for online banking).

The real problem for USSD messages is their MAP / SS7 (Sigtran) message on the core network. Unfortunately, all USSD messages in the GSM network are transmitted as plain text (as part of the MAP message) and all E1 links are easily controlled.

Using USSD as the transfer level (if there is no data connection (GPRS-3G-LTE) on the network) is possible, but an encryption level is required (and it can be implemented in the Android or iOS application).

+8
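The question asks whether GSM-7 could be the encryption, and the answer says the USSD string travels as plain text inside the MAP message. The example below is added here and is not part of the original post: it packs and unpacks a USSD string with the GSM 7-bit default alphabet of 3GPP TS 23.038, showing that the coding takes no key and is reversible from the octets alone. The function names and the sample string are made up for illustration, and only characters whose GSM-7 code equals their ASCII code are handled.

```python
# Added example: GSM 7-bit packing of a USSD string (3GPP TS 23.038).
# Simplification: only characters whose GSM-7 code equals their ASCII code.
import string

SAFE = set(string.ascii_letters + string.digits + " !\"#%&'()*+,-./:;<=>?")
CR = 0x0D  # carriage return, used by USSD as the pad septet


def ussd_pack(text: str) -> bytes:
    """Pack text at 7 bits per character. No key is involved."""
    bad = sorted(set(text) - SAFE)
    if bad:
        raise ValueError(f"outside the subset handled here: {bad}")
    septets = [ord(c) for c in text]
    # USSD rule: 8n-1 characters leave 7 spare bits; fill them with CR so
    # the receiver does not read zero padding as '@' (GSM-7 code 0x00).
    if len(septets) % 8 == 7:
        septets.append(CR)
    out, acc, bits = bytearray(), 0, 0
    for s in septets:
        acc |= s << bits          # septets fill each octet from the low bit
        bits += 7
        while bits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            bits -= 8
    if bits:
        out.append(acc & 0xFF)    # final partial octet, zero-filled
    return bytes(out)


def ussd_unpack(data: bytes) -> str:
    """Recover the text from the octets alone (same character subset)."""
    acc = int.from_bytes(data, "little")
    septets = [(acc >> (7 * i)) & 0x7F for i in range(len(data) * 8 // 7)]
    # A trailing CR on a 7n-octet string is the pad added by ussd_pack.
    if septets and len(data) % 7 == 0 and septets[-1] == CR:
        septets.pop()
    return "".join(chr(s) for s in septets)


if __name__ == "__main__":
    sample = "*123*1*5550100*250#"   # constructed USSD string, not a real service
    octets = ussd_pack(sample)
    print(octets.hex())
    print(ussd_unpack(octets))       # same text back, recovered without a key
```

Any confidentiality for the USSD payload therefore has to come from the air-interface cipher or from an encryption layer in the application, as the answer says, not from the character coding.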

Source: https://habr.com/ru/post/973355/

