WAP email suspended after security breach in NZ

Telecom New Zealand has suspended its WAP email service after finding what could be a dangerous security hole

Telecom New Zealand is suspending its DJuice WAP-based email service following the discovery of a potentially damaging security hole.

Some users of the service have reported that they have been able to read emails addressed to other people and that their own private communications have ended up on the screens of unwitting third parties.

Telecom's support desk admitted there is a problem, attributing it to a small window of opportunity that exists during the period when one user logs out and another logs on to the same connection.

It was explained that there is a 60-second delay after a WAP user disconnects before the cache associated with their session is cleared. If another user logs on to the same port during that time, the contents of the previous user's cache become visible to them.
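The failure mode described above can be modelled in a few lines. This is an added illustration, not Telecom's code: it contrasts a cache tied to the connection port and cleared 60 seconds after logout with one tied to a per-login token and destroyed at logout. The class names, the port number and the sample messages are assumptions made for the example.

```python
import secrets
CLEAR_DELAY = 60  # seconds the article says a cache outlives its session

class PortKeyedCache:
    """Flawed model: the cache belongs to the port and is cleared lazily."""
    def __init__(self):
        self.cache, self.expires = {}, {}   # port -> messages, port -> purge time

    def _sweep(self, now):
        for port in [p for p, t in self.expires.items() if t <= now]:
            self.cache.pop(port, None)
            del self.expires[port]

    def login(self, port, inbox, now):
        self._sweep(now)
        self.cache.setdefault(port, []).extend(inbox)  # leftovers are kept

    def logout(self, port, now):
        self.expires[port] = now + CLEAR_DELAY          # delayed clear

    def view(self, port, now):
        self._sweep(now)
        return list(self.cache.get(port, []))

class SessionKeyedCache:
    """Hardened model: the cache belongs to a per-login token, gone at logout."""
    def __init__(self):
        self.cache, self.active = {}, {}    # token -> messages, port -> token

    def login(self, port, inbox):
        self.logout(port)                   # drop anything still bound to the port
        token = secrets.token_hex(16)
        self.active[port], self.cache[token] = token, list(inbox)
        return token

    def logout(self, port):
        self.cache.pop(self.active.pop(port, None), None)

    def view(self, port, token):
        return list(self.cache[token]) if self.active.get(port) == token else []

def demo():
    alice, bob = ["to alice: payslip"], ["to bob: hello"]  # constructed sample mail
    flawed = PortKeyedCache()
    flawed.login(7, alice, now=0); flawed.logout(7, now=10)
    flawed.login(7, bob, now=30)            # 20 s after logout, inside the window
    fixed = SessionKeyedCache()
    old = fixed.login(7, alice); fixed.logout(7)
    new = fixed.login(7, bob)
    return flawed.view(7, now=30), fixed.view(7, new), fixed.view(7, old)
```

In the flawed model the second user on port 7 sees the first user's message alongside their own; in the hardened model the new token sees only its own mail and the old token sees nothing.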

One WAP service user claims to have been told by a Telecom helpdesk analyst named Daniel that it is a known problem but only occurs within "certain parameters" and certain timeframes.

Other callers claim to have been told that the situation is "pretty rare" and only occurs in a few "isolated cases".

Whilst the help desk said that technicians are "working hard to rectify" the matter, it would not commit to a resolution date.

Telecom spokesperson Andrew Bristol said that all affected customers will be advised of the shutdown through their phones. Bristol assured ZDNet Australia that the service would not be restored until the outstanding security problem is resolved.

Despite the company's assurance that the problem is not widespread, it appears to have affected some users on multiple occasions.
