USSD Traffic Interception and Mobile Malware


Milan Singh Thakur

May 13, 2015, 4:38:51 AM
to owasp-mobile...@owasp.org
Hi Geeks,

Has anyone worked on USSD traffic interception?
I am currently working on it. Also, I have intercepted the USSD code in the request and the relevant response. But can anyone shed more light on the security checks required on this topic?

Additionally, I have been working on mobile malware using various forensics toolkits like SANS. If anyone is interested in working on it collaboratively, feel free to get in touch.

Regards,
Milan Singh Thakur
http://sec4app.blogspot.com

Nikola Milosevic

May 13, 2015, 6:36:16 AM
to Milan Singh Thakur, owasp-mobile...@owasp.org
I work a bit on it in the OWASP Seraphimdroid project, where the app has a blacklist of USSD codes which can harm the current phone state, like wiping data or restarting to factory settings. It is not very smart, just blocking USSDs from the blacklist, so I don't know if it would be helpful, but if you think it would be, or have some idea how we can improve OWASP Seraphimdroid, please let me know.


Hope it helps a bit.

Best regards,

Nikola Milošević


Milan Singh Thakur

May 19, 2015, 8:07:31 AM
to owasp-mobile...@owasp.org, nikola.mi...@gmail.com
Hi Nikola Milošević,

Thank you for providing the reference to your project.

But I am trying to bypass subscription charges (like recharge using USSD code) enforced by the operator. I am able to capture USSD traffic, but unable to tamper with it. In my case, the GET request for the USSD code goes in one part and the response for the same USSD code comes in the next part (not in the same request/response).

Regards