USSD (Unstructured Supplementary Service Data) is a communications protocol used in GSM networks for sending short text messages. USSD is similar in format to SMS. However, it is an instant messaging service, so messages are not stored on the operator side or on the subscriber’s device.
USSD format and examples
USSD messages generally exist as one of two types, depending on their origin:
- A USSD Pull is an outgoing request from the user in the form of an MMI command.
- A USSD Push is a message from the operator that is displayed on the user’s screen.
The user can send the operator a request in the form of a USSD command. Commands consist of the * and # characters and numeric codes. The chain begins with * or # (which can occur more than once, separating commands from subcommands) and usually ends with #. The maximum length of a USSD message is 182 characters, but in practice even the longest requests rarely exceed 20. Examples of USSD commands are *225# and #225# — the respective balance inquiries for AT&T and T-Mobile users.
On mobile devices, the commands are typed and sent within the standard interface for calls.
In response to a user request, the USSD service on the operator side can execute the command (for example, enable or disable a service), or send a message that appears on the screen of the subscriber’s device. Such messages are usually longer than USSD commands, but they likewise do not exceed 182 characters. Often, in response to a USSD request, operators send an SMS text instead.
USSD commands can be used for the following purposes:
- Managing payment plans: connecting/disconnecting services, switching to a different plan, etc.,
- Receiving background information about account status, new services, terms of service, etc.,
- Managing SIM cards: changing PIN/PUK codes, etc.,
- Receiving background information about the time, weather, etc., in the subscriber’s region.
Some operators allow USSD commands for getting content from social networks and sites such as wikipedia.org, or for online banking.
In addition, operators can send USSD messages to subscribers who did not send a USSD request. For example, if the subscriber does not have enough money on their account to call a person and sends a special command to ask that person to call back, a USSD message may appear on that person’s phone screen.
Some malicious programs can send USSD commands, for example, to sign up for paid subscriptions in the user’s name or siphon off money from their mobile account.
Operators can also misuse USSD messages and send them for advertising purposes.