International standard

Standard Number: ITU-T DFS 1 : 2020
Publication date: 2001

Status: A - In force

Title in English: FIGI - DFS - Security testing for USSD and STK based Digital Financial Services applications
Price: Contact us
Scope of standard

About this report
Abbreviations and acronyms
1 Introduction
2 Main components of a USSD & STK DFS ecosystem
3 Testing attacks to USSD and STK DFS based implementations
  3.1 Passive and active attacks against DFS transactions
  3.2 Device validation
  3.3 IMSI validation and verification
  3.4 Man-in-the-middle attacks on STK SIMs
  3.5 Attacks using binary OTA message
  3.6 Remote USSD execution on the device using ADB
  3.7 Remote USSD execution using SS7
  3.8 SIM clone attack
4 Best practices to mitigate USSD and STK threats
  4.1 Best practices to mitigate against retrieval of user data
  4.2 Best practices to mitigate SIM swap and SIM recycling risks
  4.3 Best practices to avoid remote USSD execution on devices
  4.4 Best practices to mitigate SIM exploitation using binary OTA