Information Security News mailing list archives
Security experts to plug hacker 'gap in WAP'
From: William Knowles <wk () C4I ORG>
Date: Wed, 31 May 2000 11:14:08 -0500
http://www.zdnet.co.uk/news/2000/21/ns-15682.html By Will Knight Wed, 31 May 2000 16:45:10 GMT Commercial 'application level encryption' WAP solution by September US computer security firm Cylink says it will close an accepted security loophole inherent in WAP (Wireless Application Protocol) technology. Last week, Cylink announced an end-to-end security solution for WAP that one representative predicts will improve customer confidence in WAP and spur on the adoption of the wireless technology. Communication between a WAP handset and WAP server are protected by a built in encryption technology called Wireless Transport Layer Security (WTLS). Once on the Internet a connection is usually protected by the Secure Socket Layer, SSL, an Internet standard for encrypting data between points on the network. However, the data exists in a decrypted form as it is transferred from WTLS to SSL, and security experts have expressed concerns about this potential Achilles heel. But Cylink has promised a commercial "application level encryption" WAP solution by September specifically designed to encrypt user data across this fallible point. The company also says that over the coming months it will unveil a range of other security initiatives including virtual private networking (VPN) software, VPN hardware, Public Key Infrastructure (PKI) products, and smart card technologies for WAP devices. President and CEO of Cylink William Crowell argues that WAP's credibility is at stake: "Problems will emerge when new WAP phones enter the market unless security solutions that work with the proposed WAP standards are in place," he says. Analyst groups predict that mobile Internet use will explode in the next few years making this potentially a very lucrative area for Internet companies to exploit. The Gartner Group recently published figures suggesting that by 2005, 95% of all mobile devices will be WAP enabled. *-------------------------------------------------* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred. M. Gray, USMC --------------------------------------------------- C4I Secure Solutions http://www.c4i.org *-------------------------------------------------* ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Security experts to plug hacker 'gap in WAP' William Knowles (May 31)