Security experts to plug hacker 'gap in WAP'

US computer security firm Cylink says it will close an accepted security loophole inherent in WAP (Wireless Application Protocol) technology.

Last week, Cylink announced an end-to-end security solution for WAP that one representative predicts will improve customer confidence in WAP and spur on the adoption of the wireless technology.

Communication between a WAP handset and WAP server are protected by a built in encryption technology called Wireless Transport Layer Security (WTLS). Once on the Internet a connection is usually protected by the Secure Socket Layer, SSL, an Internet standard for encrypting data between points on the network. However, the data exists in a decrypted form as it is transferred from WTLS to SSL, and security experts have expressed concerns about this potential Achilles heel.

But Cylink has promised a commercial "application level encryption" WAP solution by September specifically designed to encrypt user data across this fallible point.

The company also says that over the coming months it will unveil a range of other security initiatives including virtual private networking (VPN) software, VPN hardware, Public Key Infrastructure (PKI) products, and smart card technologies for WAP devices.

President and CEO of Cylink William Crowell argues that WAP's credibility is at stake: "Problems will emerge when new WAP phones enter the market unless security solutions that work with the proposed WAP standards are in place," he says.

Analyst groups predict that mobile Internet use will explode in the next few years making this potentially a very lucrative area for Internet companies to exploit. The Gartner Group recently published figures suggesting that by 2005, 95% of all mobile devices will be WAP enabled.

What do you think? Tell the Mailroom. And read what others have said.

Why we WAP:The wireless Internet revolution

Take me to the Mobile Technology Special

Take me to the WAP Access Guide