Page 10 - Security testing for USSD and STK based Digital Financial Services applications Security, Infrastructure and Trust Working Group
The use of USSD and STK, especially for DFS, has raised security concerns about the inherent risks and vulnerabilities associated with using these channels, which attackers may exploit to compromise the confidentiality, integrity, availability of services, and privacy of the transactions. This document describes the various attack scenarios that can be used to exploit the USSD and STK vulnerabilities and proposes best practices for the MNOs, DFS providers, and users.
2 MAIN COMPONENTS OF A USSD, STK DFS ECOSYSTEM
There are many interaction points between different parties within the DFS ecosystem based on USSD and STK. Consequently, there are also numerous ways in which attackers can leverage these interfaces to attack the system, with successful exploits often having consequences that affect not merely the exploited stakeholders but others within the ecosystem.

Table 2-1 shows the critical elements of a DFS ecosystem based on USSD and STK, the threats and vulnerabilities at these points, and the proposed tests and attack scenarios.
Table 2-1 Elements of a DFS ecosystem

Component: Mobile device
USSD and STK related threats and vulnerabilities:
• Unauthorized access to the mobile device/theft.
• Tampering with the device to compromise the security of the underlying platform, for example, installing malware and device rooting.
• Physically tampering with the mobile device by placing additional hardware that can be used as spyware.
Tests/attack scenarios:
• Remote USSD execution.

Component: SIM card
USSD and STK related threats and vulnerabilities:
• SIM swap and SIM recycling.
• Simjacker attacks.
• Weak algorithms used on SIM cards; for example, the COMP128 v1 and v2 algorithms used by the SIM and Authentication Center to generate the initial Signed RES are known to have been broken.
Tests/attack scenarios:
• SIM testing using a SIM tester.
• STK testing using SIM trace.
• SIM clone tests.
• IMSI and IMEI validation testing.

Component: Base station
USSD and STK related threats and vulnerabilities:
• Man-in-the-middle attacks: GSM network encryption algorithms such as A5/1 and A5/2 have been demonstrated to be vulnerable. Legacy networks relying on GSM encryption are subject to "man-in-the-middle" attacks from rogue base stations that are placed by an attacker, maliciously claiming to be legitimate provider towers (i.e., a fake base station, often called an "IMSI-catcher").
• Replay attacks: Weak algorithms enable the attacker to decrypt communication before re-sending it into the mobile carrier's network. Such a scheme can allow the attacker to gain full access to all communicated information, including transaction and financial data.
• Eavesdropping: The secret key Kc, generated from Ki and RAND and used with the A5 algorithm, can be broken, and the signal between the MS and BSS is susceptible to eavesdropping on financial transactions.
• Denial of service: The RAND value sent to the MS during initial authentication can be attacked and modified by the intruder, causing denial of service to DFS.
Tests/attack scenarios:
• Interception using a rogue BTS.
• Traffic tracing and capturing at mobile network operator gateways and nodes like MSC, USSD, SMSC.