Topics Mobile Tech News Sunday, April 21


Contact us

Site search:
complete archives list

Site Sponsors:

Don't forget AT&T and Verizon promo codes at to save money.

Sealing the Gap in WAP
Posted: 04-Jan-2001 [Source: Wireless Networks Online]

[WAP 1.3 security standard to address some of the major security holes.]

by Betsy Harter -- "Security has been an issue in the wireless industry since cellular's inception. On the voice side, carriers have had to deal with tumbling, cloning, and subscription fraud. Unfortunately, adding data services and wireless Internet access brings a whole new set of security issues.

"It wasn't until the last year or so that people finally became comfortable giving out credit card and other personal information over the Internet. Consumers have every reason to be wary of the Web. Cybercriminals have electronically penetrated almost every one of the 500 largest U.S. corporations, not to mention government entities such as the Pentagon. Cybercrime is not limited to the United States -- telecommunications experts estimate that computer crime is responsible for $15 billion in losses worldwide. Now that valuable personal information, including financial and medical data, is traveling over airwaves, consumers and wireless carriers are more concerned about security than ever before.

"Verne Meredith, Diversinet vice president of sales & marketing, said WAP -- the protocol which most wireless carriers use to offer wireless Internet services -- has several security holes.

"We strongly believe that any secure digital wireless application needs to be the mirror image of the security model in the brick-and-mortar world," he said. "The WAP 1.2 security standard in its current state has significant shortfalls."

"Meredith said there are five pillars to security in the brick-and-mortar world that the wireless world needs to emulate. For example, if a person goes to a bank to withdraw money, the bank first verifies the person's identity, known as authentication in the digital world. Next, the bank verifies what the customer is allowed to do, or authorization. Third, the bank creates a space between a customer doing a transaction and other customers, known by digital companies as encryption. Fourth, the teller counts out a customer's money in front of him to ensure he receives what he requested, called data integrity by digital companies. Last, the customer gets a receipt, known in digital transactions as proof of contract, or non-repudiation.

"Although these five pillars exist in the wired Internet, WAP 1.2 is missing the authentication, authorization and proof-of-contract elements, Meredith said. In addition, WAP doesn't mention application level security, which means if a bank wants to secure its application for customers and manage the security behind its firewall, it can't do it using WAP because the intelligence is at the transport layer rather than the application layer, Meredith explained.


Back to Headlines...

Apple Watch Apple Watch

iPhone 6 and iPhone 6 Plus iPhone 6 and iPhone 6 Plus

Amazon Fire Amazon Fire

Samsung Z - Tizen Samsung Z - Tizen


HTC One mini 2 HTC One mini 2

OnePlus One OnePlus One

HTC One (M8) HTC One (M8)

Samsung Gear 2 Tizen Watch Samsung Gear 2 Tizen Watch

HP VoiceTab HP VoiceTab

T200 octa-core T200 octa-core

Nokia 2520 Tablet Nokia 2520 Tablet

Samsung Galaxy Round Samsung Galaxy Round

BlackBerry Z30 BlackBerry Z30

iPhone 5S and iPhone 5C iPhone 5S and iPhone 5C

Samsung Galaxy Mega Samsung Galaxy Mega

Sony SmartWatch 2 Sony SmartWatch 2

iOS 7 iOS 7

Jolla Jolla

BlackBerry Z10 BlackBerry Z10

Galaxy S 4 Galaxy S 4

Galaxy Note 8.0 Galaxy Note 8.0

Ubuntu on Tablets Ubuntu on Tablets

LG Optimus G Pro L-04E LG Optimus G Pro L-04E

Firefox OS Firefox OS

Sony Zperia Z Sony Zperia Z


Valid HTML 4.1!

RSS © 1999-2019 Traques LLC
All times recorded in UTC