General Musing

blaze your trail

Posts Tagged ‘ussd

USSD – A Mobile Payment Solution? #mobile

with one comment

Somebody send me a nice demo which Barcleys in India is implementing or has implemented using Unstructured Supplementary Service Data.

USSD is part of the GSM standard which tends more towards a real-time messaging service, unlike SMS no data is stored on the mobile or network. All the data still goes over the same channel over the GSM network, and thus is still inherently insecure, due to the fundamental flaws in the GSM encryption methodology.

One of the advantages over SMS is that nothing sits in between to store messages, so they must be answered immediately. The back end application is responsible for the message handling, as it is completely session oriented. There is both a push and pull method, which means communication is initiated from the mobile or network. IMHO this still leaves it susceptible to a man-in-the-middle attack.

Do banks consider this acceptable risk? Or do they just not know the whole truth?

Technorati technorati tags: , , , , , ,

Written by Daniël W. Crompton (webhat)

August 1, 2008 at 1:15 pm

Posted in mobile, network, risk, security

Tagged with , , , , , ,

%d bloggers like this: