While world is worried about cyber securities for various online transaction specially banking, how secure banking based on USSD is and what's vulnerabilities in USSD based communications are?
Usually known as Quick code or featured code, USSD stands for Unstructured suplimentry service data are the special too and fro messages bases on mobile service provider server and user device/mobile phone as clients.
USSD is protocol used by GSM mobile service to communicate mobile with service providers computer based on predefined set of codes and message length is upto 182 character.
Just like SMS it can be used to exchange data but speciality of USSD lies in creating session which allows user to communicate for a period of time until connection remains open.
How USSD is used?
USSD is basically pull based and push based services.
Mobile initiated USSD code
Many Service provider allow user to dial USSD code to deliver their service information and credit information to the user based on their request.
Server initiated USSD
Push based USSD are initially sent by network, most of the time to notify user about some urgency or just for promotional purpose.
Structure of USSD
- USSD are structured as this
- Start with asterisk *
- String of codes/messages
- Multiple segments/codes separated by asterisk again
- Code or string of USSD is terminated by Hash character [ # ]
Security with USSD
Recently in India where most of economy is derived with cash had went through demonetization which pushed users out there to opt for digital transaction and most of users which don’t have smartphone for their transaction are given option to use banking/transaction entirely by USSD simply by dialing *99# from their basic mobile phones even.
On another hand, we see lots of security been deployed in net banking and online transaction gateway, this rise the question how these USSD based transactions are secure?
According to Research case study Security Perspectives For USSD Versus SMS In Conducting Mobile Transactions: A Case Study Of Tanzania security of USSD is same and more than SMS, unlike SMS, USSD communication/data is not stored either user end or SMSC. Data is encrypted between user device to BST however after Base station, these data transmitted in plain text to the rest of the nodes. All the security mechanism is applied on USSD as of that GSM implies on other services which been proven more stronger. More about security in mobile banking reference you can go through paper published by Department of computer science in University of cap town.
USSD is handled by protocol called MAP (Mobile Application Part), It creates, sends and receives session ID and manage to destroy is once the work is been done.
Types of Services provided by USSD
USSD are used these days from service provider based generic information sharing to social media access like Facebook and Twitter.
Few popular services based on USSD are
Service provider based services
- Balance check/credit information: USSD are used by service provider with quick code by which user can quickly know about updated credit information on their mobile service provider.
- Voice chat : like above services, this can be used if service provider allows, and are useful specially when VoIP devices are not available.
- Advertisement : Using push based mechanism, service provide can advertise their promotional offers.
Third party services
- Social media : Social media can be used with phone without internet just by using their special USSD code. For example, Airtel provided such services to use facebook/twitter just by dialing *325# and access facebook for most of the uses.
- Banking : As stated earlier, USSD can be used to transfer money, check available balance in account and receive money using USSD.
Conclusion on USSD
USSD are being used all of us by various means, its protected by WAP/MAP protocol by GSM service provider and their own security mechanism. Beyond the usage of traditional service provider based communication, USSD and its session based advantages are being used by various other means like, baking, social media, real time chat and service based information pulling from service provider.
Hope you like overview of USSD that i could explain in simple way, if you liked it, please tweet this to your follower and share it on Facebook/Google+ with your friends and engage them with such great explanation on USSD.
If you got any Question, please feel free to comment down below, I’ll be answering those comments.
Have great time. Keep learning.