How USSD works
Think of USSD as a direct phone call to a service, but instead of talking, you're texting in real-time. Here's the basic flow:
User initiates: You dial a code like *123# to start a session
Network processes: The USSD gateway receives your request and forwards it to the appropriate application
Service responds: The application sends back a response (like a menu or information)
Interactive session: You can continue the conversation by selecting options or entering data
Session ends: The connection closes when you're done or after a timeout
The key difference from SMS? USSD keeps the connection open during your entire interaction, making it perfect for things like checking your bank balance or topping up your phone credit.
USSD message format and structure
USSD messages follow a specific pattern that's easy to recognize:
Start with: Asterisk (*) or hash (#)
Middle: Numbers and sometimes letters
End with: Hash symbol (#)
Examples:
*123# (balance inquiry)
*555*1234# (recharge with code 1234)
#100# (check data balance)
Messages are capped at 182 characters, so everything stays short and sweet.
Common USSD applications
You've probably used USSD without even thinking about it. Here are the most common uses:
Financial services
Mobile banking transactions
Balance inquiries
Money transfers
Bill payments
Telecommunications
Prepaid recharge
Data package purchases
Service activation/deactivation
Network configuration
Other applications
Voting systems
Survey responses
Location-based services
Emergency notifications
USSD vs. SMS: understanding the differences
| Feature | USSD | SMS |
| --- | --- | --- |
| Connection type | Session-based (real-time) | Store-and-forward |
| Character limit | 182 characters | 160 characters |
| Internet required | No | No |
| Works on basic phones | Yes | Yes |
| Cost | Usually free or low-cost | Per-message charges |
| Delivery guarantee | Immediate or fails | Eventual delivery |
Cybersecurity implications of USSD
Here's where things get interesting from a security perspective. USSD's simplicity and widespread adoption make it an attractive target for cybercriminals:
SIM swapping and social engineering
Attackers can exploit USSD codes to:
Transfer phone numbers to attacker-controlled SIMs
Access mobile banking services
Bypass two-factor authentication
Gather account information
Network-level attacks
Since USSD operates at the network level, malicious actors might:
Intercept USSD communications
Launch man-in-the-middle attacks
Exploit weak authentication mechanisms
Access sensitive user data
Recommendations for organizations
Monitor USSD traffic for unusual patterns or unauthorized access attempts
Implement strong authentication for any USSD-based services
Educate users about USSD-based social engineering attacks
Regularly audit USSD code configurations and access controls
Deploy network monitoring tools to detect suspicious USSD activity
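One way to start on the monitoring and audit recommendations, shown as an added example rather than code from any USSD gateway product: a small Python check that validates each request against the message format described earlier, compares it with a service allow-list, and flags bursts of sessions from one subscriber. The log layout, the allow-list, the burst threshold and the MSISDNs are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Format from the article: starts with * or #, digits/letters (with * or # separators), ends with #.
USSD_RE = re.compile(r"^[*#][0-9A-Za-z*#]*#$")
MAX_LEN = 182  # length cap stated in the article
ALLOWED = ("*123#", "#100#", "*555*")  # hypothetical allow-list; trailing * means "prefix"
BURST_LIMIT, BURST_WINDOW = 3, timedelta(seconds=60)  # assumed threshold

# Constructed gateway records (not real traffic): timestamp|MSISDN|USSD string
SAMPLE_LOG = """\
2024-05-01T10:00:00|15550000001|*123#
2024-05-01T10:00:05|15550000002|*555*1234#
2024-05-01T10:00:10|15550000003|*999*1#
2024-05-01T10:00:12|15550000004|123#
2024-05-01T10:01:00|15550000005|*555*1111#
2024-05-01T10:01:10|15550000005|*555*2222#
2024-05-01T10:01:20|15550000005|*555*3333#
2024-05-01T10:01:30|15550000005|*555*4444#
"""

def is_well_formed(code):
    return len(code) <= MAX_LEN and bool(USSD_RE.match(code))

def is_allowed(code):
    # Exact match, or prefix match for entries that end with "*".
    return any(code == a or (a.endswith("*") and code.startswith(a)) for a in ALLOWED)

def analyze(log_text):
    alerts, recent = [], defaultdict(deque)
    for line in log_text.strip().splitlines():
        ts_raw, msisdn, code = line.split("|", 2)
        if not is_well_formed(code):
            alerts.append((msisdn, "malformed", code))
            continue
        if not is_allowed(code):
            alerts.append((msisdn, "unlisted_code", code))
        window = recent[msisdn]  # sliding window of session times per subscriber
        window.append(datetime.fromisoformat(ts_raw))
        while window[-1] - window[0] > BURST_WINDOW:
            window.popleft()
        if len(window) > BURST_LIMIT:
            alerts.append((msisdn, "burst", code))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

In practice the thresholds and the allow-list would come from the operator's own USSD code configuration, which is also what the audit recommendation above would review.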
USSD in IoT and modern applications
Don't think USSD is just for checking phone balances. It's found new life in IoT applications:
Remote device management: Sending configuration updates to IoT devices
Data collection: Gathering sensor readings from remote locations
Emergency communications: Backup communication when data networks fail
Asset tracking: Location updates from GPS-enabled devices
The low bandwidth and universal compatibility make USSD perfect for these use cases—but they also create new security challenges organizations need to address.
Staying secure in a USSD world
USSD isn't going anywhere—it's too useful and too embedded in global telecommunications infrastructure. As cybersecurity professionals, we need to understand how it works and where the risks lie.
The key is treating USSD like any other network protocol: monitor it, secure it, and educate users about potential threats through effective, comprehensive security awareness training. With proper controls in place, USSD can be a valuable tool without becoming a security nightmare.