Figure 7 - Sample SIMtrace output






































            Figure 8 - Sample wire shark output from SIMtrace – This Wireshark trace shows that the PIN was captured in
            clear text by SIMtrace.




























            The Wireshark capture above is a sample result and demonstrates that an attacker can read the PIN and data
            as it is keyed to the device with the SIM trace.








                                                 Security testing for USSD and STK based Digital Financial Services applications  15