Unstructured Supplementary Service Data (USSD) is a technology built for supporting the transmission of information over GSM and UMTS networks. USSD messages allow interactive communication between subscribers and an application across GSM or UMTS networks. The response time of a USSD request is relatively fast thereby allowing USSD to be used as an efficient “trigger” to activate services or applications. The functionalities of USSD make it ideal for information queries like available balance, content downloading, call back roaming and other information services.
USSD messages comprise a service code that identifies the action to be taken on receipt of the USSD message. A service code that is not recognized by a mobile device is interpreted as a USSD message by the mobile device. Service codes that are recognized are mapped to Supplementary Service Operations (SS-Operations) as defined in GSM and UMTS. These supplementary services operations may include: Registration/De-registration, Activation/De-activation, and Interrogation of supplementary service, such as Call Forwarding or Call Barring.
One problem relating to SS and USSD messages is that these messages flow from the mobile device through the Visitor Location Register (VLR) and the Home Location Register (HLR) in the network. The VLR-HLR link is known to be vulnerable for spoofing attacks. A spoofer may easily mimic a VLR and send unauthorized SS messages and/or USSD messages on behalf of a user of a mobile device. These unwanted and unauthorized messages may negatively influence the traffic and resource performances of the network. Hence, as USSD services are becoming increasingly popular it is necessary to distinguish legitimate messages from unauthorized messages.