USSD. Solving global issues.

The need for entertainment is always there and it is one of the main reasons that drive the mobile technology forward. Mobile phones have it all – from playing video games and watching movies to browsing the Internet. We have super fast 3G connections, we have classy iPhones, we have this, we have that.

But what about people who can’t afford all these entertaining, but in most cases, useless devices? People, who’s main concern is not entertainment but poor health, poverty and starvation? What can mobile technology offer them on a global scale?

The Bill & Melinda Gates Foundation currently holding The Grand Challenge contest in creation of services which can help to support battling with many diseases: HIV, malaria, tuberculosis, pneumonia, diarrhea, family health, vaccine preventable, and other neglected diseases.

Here is a list of requirements for a mobile service to meet:

• Use by non-literate and semi-literate users;
• A preference for low cost phones and small screen size;
• Unreliable G3 service, limited coverage and connectivity and frequent G2 service as the predominate service available;
• Lack of integration into larger health information system (HIS) infrastructure;
• Hardware limitations (such as battery life, signal strength);
• Scalability and sustainability for widespread deployment.

Where are these requirements coming from? Well, let’s have a look at facts:

• Nearly a billion people entered the 21st century unable to read a book or sign their names.
• Almost half the world — over three billion people — live on less than $2.50 a day.
• The number of children in the world is 2.2 billion and the number in poverty is 1 billion (every second child).

If you want more you can read it here.

Having looked at the statistics above, it becomes clear that what mobile technology offers today, has nothing to do with the majority of the world’s population.

We are convinced that mobile technology has something to give, more than popular ringtones or fancy looking phones. It can serve a global purpose and help those in need. Mobile technology can make an extra step towards its maturity.

Mobile services are based on technology. So let’s look at the types of technology that can be beneficial to the Third World. It is clear that neither G3 nor G2 are appropriate. Are they accessible to everyone? Remember we are talking about normal and poor people, not just geeks from engadged.com.

As you see, GSM has worldwide coverage even for territories where there is no Internet. For these territories, USSD and SMS can be the only solution, as they work, even on the cheapest phones and require no setup or special skills. And let’s not forget about interactivity provided by USSD. It opens a possibility to build well organized health care applications which can establish communication with people who have no access to even the simplest health services.

We believe that we have to use what we have. Nothing new is required but we have to dig out forgotten things like USSD, which is considered an outdated technology but which in reality can solve many current global problems.

Mobilizing business. Eyeline’s approach.

Mobile technology has made a considerable impact on our lives, both positively and negatively. Some may argue that such advancements have resulted in more negativity, while other factions may disagree. As far as we are concerned however, we should consider how best to exploit this new technology which, whether we like it or not, is here to stay.

Everybody and their mom have a mobile phone. Technology has grown by leaps and bounds and nowadays we have cell phones the size of a match box, albeit slimmer, which has the functionality of a massive desktop PC. You can see people checking the news while queuing up, spamming on forums while commuting on public transport, all in all enjoying the convenience of new mobile technology.

Now, if you were to look a little deeper, you will realize that all these millions of mobile phone users are potential clients. That’s a huge market to have access to.

Perhaps, you already want to create a mobile service or give people the opportunity to access your existing business via their mobile phone? The intriguing part is that this doesn’t require much effort at all.

If you have a website there are several ways to do it:

• Web site mobilizer. We have covered this topic in detail here. In short, a program of this type creates a mobile version of your website in seconds, but the end result is not always perfect.

• Mobile site builder. Allows making a mobile web site from scratch using pre-defined blocks.

• Plugins for WordPress based web sites. Creates a mobile version of the WordPress web page.

If you want an SMS service, then aggregators is the way to go. Basically, they organize the connection with operators around the world. Aggregators provide connectivity with cell phone carriers and the SMS gateway so you can send and receive messages and various content like ringtones, etc. Using it can be expensive and that’s only just one of its many drawbacks. Read more on aggregators here.

For those of you who want to simplify the development of services, something to consider would be Eyeline’s SADS.

By developing on SADS (Service Adaptation & Delivery System) your service can be accessed by USSD, WAP and JAVA. You can get a short Call2Service number that users need to dial to enter the service.

There are three ways to develop a service on SADS:

1. If a service is static and no changes are required regularly (like, for example, a discount which users get when they dial a service number), then the best way is to create an xml file. It’s no harder than making an html page, so any person who has basic knowledge of html can do it. Only one file and voila, you have the global service. The next step would be to promote the number.
2. Services such as weather and horoscopes, where the information has to be changed daily, can be executed by SADS plugin for WordPress. In this case, you must have someone to type and enter all the information manually. No special knowledge is required, apart from knowing how to press buttons.
3. The final method, allows for creating services of any complexity. We provide the API and you can literally program anything you want.

In future posts we will continue to observe Eyeline’s SADS. If you are interested, please contact us at info@eyeline.mobi.

USSD Security. Part 2.

As a follow up to this post, lets talk about why James Bond style encryption methods don’t necessarily guarantee the security of your service. When the security systems are in place and the whole infrastructure seems invincible and you can finally lean back in a chair…Oh wait, is it really so?

You can have the best secure algorithms and technology but this doesn’t guarantee that you are 100% safe. Today’s highly advanced computer criminals are not going to expend any effort with hacking the sophisticated encryption methods you have set in place. Instead, they focus on the weakest link, and this, in most cases are the people.

Social engineering is the term coined by the famous hacker Kevin Mitnick. He used psychological manipulation techniques to get confidential information, instead of expending energy and hacking into the system. These methods exploit typical human traits such as gullibility, curiosity, sympathy and greed, a much easier and effective strategy.

Phishing is one method that is widely used. Phishing can be used to obtain credit card details, passwords and usernames by claiming to be a legitimate company. Generally, frauds send e-mails which directs the recipient to a fake web site, that looks like the exact replica of the official site, and it is there that users are asked to enter their sensitive data.

In the case of mobile phones, messages claiming to be from a bank request users to call the number provided in the message. After dialing the number, users are asked to enter their account number and PIN. Gullibility kicks in…

When creating a service, bear in mind that validating the identity of your users is the primary security task that should not be forgotten. At the same time, the users must have a system where they can identify that they are interacting with the genuine service and not a replica. A challenge-response scenario is the easiest way for both parties to prove that they are who they claim to be. For example, some banks provide customers with a picture which appears when logging onto their account, thereby letting them know that it is a genuine web site. For banks to know that it is actually you on the other side, they send two SMSes with passwords for your account. When you enter the first password, the dialogue prompts to “enter the new password”. At this stage, even if a fraud obtained your primary data, they will not know that the new password requested has been sent to you via SMS, and will therefore not be able to complete the transaction.

What these examples show us, is that even with all the technologically advanced security systems that banks put into place, it is crucial to factor human error and vulnerability into the equation, as they can make even the most sophisticated security systems redundant.

What does one do?

1. Invent a scenario where both parties identify each other as the genuine article.
2. Only then get yourself busy by implementing hi-end encryption and all that follows.

Mobile services creation. How to mobilize your content. Using Mobilizers & Mobile site constructors.

In these series of posts, we will explore the creation of mobile services and the problems that surround this process. There are several ways to do it, but in this post we’ll look at website mobilizes – and the easiest way to get your website to mobile Internet ASAP.

One of the most popular tools for it is – Instant Mobilizer (IM) by dotMobi.

This in fact, is a transcoder. IM takes existing web sites and automatically converts it to a mobile-friendly format without you having to go through the hassle of programming and content management. It re-flows web pages to a single vertical column by resizing images and changing site navigation. The service is free, if you purchase one of the .mobi domains from several hosting companies.

Although this may sound good on paper, in reality, the end result is not so. The reason for it is, when we create a web site, things like coding standards are often not one of our first priorities. Instead we tend to give more preference to the look and feel of a web page. So, what happens is that when you insert your web page to IM, you may end up with a complete mishmash.

There is a list on IM website that says the following features may not appear correctly:

• Image maps
• Flash objects
• Frames
• Certain forms depended on JavaScript
• JavaScript pop-ups and mouseover behaviors
• Tables used for layout purposes

Click this link for more information: http://instantmobilizer.com/test-your-site.php.

If you own a small business and have a relatively simple website, then by all means, do give it a go. But do bear in mind that it can only serve as a provider of information about your business: phone number, address, maps and driving directions. If your web site is e-commerce based and you think that IM can convert the payment system of your web page…think again, because it can’t.

Anyway, something to remember would be, who is the target audience of this service? If you don’t have time or don’t want to spend money on creating a mobile web site, you can use IM to quickly convert your webpage and check whether there is any interest in the mobile version of it. If there is a decent amount of visitors and the traffic is satisfactory, then maybe it can encourage you to create a mobile site from scratch. But if you are thinking on a larger scale and plan to make money from mobile Internet, then Instant Mobilizer is not the right choice for you.

There is also a number of web tools such as moFuse, Zinadoo and Movylo that allows you to make a simple mobile site using templates and a WYSIWYG editor.

It only takes a few minutes to make a simple but visually pleasing mobile page. However, using such constructors does have its flip side; you are limited by a number of pre-defined templates. Mobile sites created with these services can serve as an information provider for small and medium businesses or be a news and weather platform. But as in the case of IM, if you want to sell content or products then you have to look elsewhere. Although, moFuse did recently add the Google Checkout function to their suit. So if this type of money transactions suits you, do give it a go.

Keep an eye open for the updated tools mentioned in this article, as developers often add new functionality and useful features.

USSD Security.

Ok, seems like there is a lack of info on USSD security. With a growth of interest in mobile payment and banking, we really have to clear this one out. If you are not familiar with USSD, read basic facts about it here.

There are two ways for villains to sniff the data – in the air and when it is stored on servers. The thing is USSD signal itself is not encrypted when it is transferred over the air. People seem to talk a lot about it being a big security hole. But the GSM channel that carries the signal has built-in encryption, authentication, authorization and accounting protocols. It’s not like an easy thing to hack. It will cost a copious amount of cash to buy equipment which can do it. And then villains have to chase you wherever you go to trace the signal. And then you make a ten dollars transaction.

Aghh, too much hassle, right?

Imagine that bad guys had no success with your ten bucks. Then your signal arrives to operator, where data is decrypted within network. No need to panic, as operators have their own system of security. If you need you can ask for end-to-end encryption, when data is encrypted from the user to your service all the way through. Though, governments usually don’t allow operators to do it, as they are quite curious.

Now, all the aforementioned stuff applies to SMS as well. So USSD is, at least, as secure as SMS. Which is the most popular format for mobile commerce. But unlike SMS, USSD is not stored on servers for months and years to come, and it doesn’t leave traces on your mobile phone, as it is session-based.

Nobody really questions SMS, as nobody really questions security of credit cards. Well, maybe someone, but the cards are still widely used. This month a San Francisco man was sentenced to 13 years in federal prison for stealing 1.8 million bank and credit card numbers. Guess what? Banks are still there and credit cards are alive and well. It is instilled in people’s minds that they are safe, so they continue to use them. Thus finding holes in USSD is not the best idea – there are plenty of popular types of money transactions which are often hacked but still widely used.

The point is – it is useless to discuss the security of USSD out of service context. Firstly you need to define what your service is, what money is transferred. With default settings, USSD may not be secure for one million dollar transaction, hence you will have to adjust the channel for your particular needs. Remember also, that scenario for a service can provide high level of security by itself.

Follow these steps, if you are thinking of using USSD:

1. Specify the sum of money.

The level of security depends on the quantity of money involved. If your service is using micro/small payments, then standard GSM security is enough. For bigger transactions you would probably want to install additional encryption. Remember, though, better locks cost more, so count your money too.

2. Analyze network infrastructure.

Look at the whole network and see what parts of it don’t meet your security requirements. This may be the part where a signal goes from the mobile user to the operator’s server and then to your server. In this case, you can encourage users to install java applications to enhance the level of security.

If you are concerned about potential insecurity within the operator’s network, negotiate your needs with the operator. Keep in mind, that in many countries encryption/decryption of data within an operator is regulated by the government.

Finally, don’t forget about protecting your own service.

3. User experience is numero uno.

You can bury your business if clients have to go through numerous steps to install protection, such as going to different offices, buying a new SIM card, etc. Keep the balance between security and user experience. People want it simple.

4. Tell everybody how safe you are.

Make people trust your service by executing a marketing campaign, giving them guarantees, etc.

Don’t put security on the top, look at USSD from the point of business opportunity. It certainly can provide you with one.

We’ll certainly come back to this topic again later.