Committed to connecting the world


Episode #12: Mitigating infrastructure vulnerabilities for digital finance

The episode twelve of the DFS webinar series discussed "Mitigating infrastructure vulnerabilities for digital finance". The session focused on the vulnerabilities in the underlying telecom infrastructure such as SS7 as well as SIM cards and their potential threat on digital financial services and best practices for mitigating them. The world of digital finance is hugely dependent on telecommunications infrastructure and services. Due to the dominance of feature phones among users in developing economies, which comprise the majority of digital finance end-users, the channels that the end-user communicates with the digital financial services provider are mostly Unstructured Supplementary Service Data (USSD), Short Messaging Service (SMS) and Sim Tool Kit (STK). USSD and SMS as means of communication have long been known as susceptible to attack and have many published vulnerabilities. The SIM card of the phone is another security vulnerability point that needs special attention as well. For instance, SIMs which are vulnerable to Simjacker could be vulnerable to an attack that  contains a series of SIM Toolkit (STK) instructions specifically designed to be passed on to the SIM Card within the device. Exploiting these vulnerabilities enables attackers to commit fraud and steal funds from unsuspecting victims, who in in most cases are unaware their account is being compromised or hacked.

Participation was open to ITU Member States, Sector Members, Associates and Academic Institutions and to any individual from a country that is a member of ITU who wished to contribute to the work. This included individuals who are also members of international, regional and national organizations.​

Chief of Study Groups
Cathal Mc Daid
Chief Technical Officer
Adaptive Mobile

Assaf Klinger

Klinger Consulting

Christine Hilda Namuddu
Senior Information Risk Officer
MTN Uganda