Page 20 - Security testing for USSD and STK based Digital Financial Services applications Security, Infrastructure and Trust Working Group
Figure 10 - Schematic setup of the ADB connection
b) Connect to the mobile device by its IP address using the command below

    ./adb connect 192.168.1.104

c) Confirm that the host computer is connected to the target device via Wi-Fi using the command.

    ./adb devices

d) With the USB removed, test the execution of mobile USSD commands remotely to a device using the commands below run on the shell of the computer.

    ./adb shell
    am start -a android.intent.action.CALL -d tel:*185*1*1%23

Figure 11 - Remote USSD command using ADB shell
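
A defender-side check for the condition steps b) to d) depend on, an ADB session carried over TCP/IP instead of USB (added example, not part of the original document). It parses `adb devices` output and the value of the `service.adb.tcp.port` property; the sample output is constructed, port 5555 is adb's default, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit for ADB carried over TCP/IP rather than USB.
# SAMPLE is constructed `adb devices` output; function names are hypothetical.
SAMPLE=$(printf 'List of devices attached\n192.168.1.104:5555\tdevice\nR58M00000AB\tdevice\n10.0.0.7:5555\toffline\nemulator-5554\tdevice\n')

# Print "serial state" for every entry whose serial is IPv4:port,
# which is how adb lists a device reached with `adb connect`.
network_adb_devices() {
    printf '%s\n' "$1" | awk '
        NF >= 2 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ { print $1, $2 }'
}

# Print only the network serials that are authorised and usable
# (state "device"); these can run `adb shell` without a USB cable.
active_network_sessions() {
    network_adb_devices "$1" | awk '$2 == "device" { print $1 }'
}

# Interpret the value of `getprop service.adb.tcp.port` from the handset.
# adbd listens on TCP only when the value is a number greater than 0;
# empty, 0, -1 or non-numeric values mean USB-only.
tcp_listener_enabled() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ]
}

# Stand-alone run over the constructed sample.
for serial in $(active_network_sessions "$SAMPLE"); do
    echo "FINDING: ADB reachable over the network at $serial"
done
```

On a live host, pass the functions the output of `./adb devices` and of `./adb shell getprop service.adb.tcp.port`; `./adb usb` restarts the device's ADB daemon in USB-only mode.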

This test shows that a remote attacker who had access to the device could later issue USSD commands remotely and can complete a DFS transaction.

3.7 Remote USSD execution using SS7

Due to the high level of assumed trust by the users when receiving USSD messages. The most straightforward attack to execute and scale an attack is