Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Security experts to plug hacker 'gap in WAP'

From: William Knowles <wk () C4I ORG>
Date: Wed, 31 May 2000 11:14:08 -0500
http://www.zdnet.co.uk/news/2000/21/ns-15682.html

By Will Knight
Wed, 31 May 2000 16:45:10 GMT

Commercial 'application level encryption' WAP solution by September

US computer security firm Cylink says it will close an accepted
security loophole inherent in WAP (Wireless Application Protocol)
technology.

Last week, Cylink announced an end-to-end security solution for WAP
that one representative predicts will improve customer confidence in
WAP and spur on the adoption of the wireless technology.

Communication between a WAP handset and WAP server are protected by a
built in encryption technology called Wireless Transport Layer
Security (WTLS). Once on the Internet a connection is usually
protected by the Secure Socket Layer, SSL, an Internet standard for
encrypting data between points on the network. However, the data
exists in a decrypted form as it is transferred from WTLS to SSL, and
security experts have expressed concerns about this potential Achilles
heel.

But Cylink has promised a commercial "application level encryption"
WAP solution by September specifically designed to encrypt user data
across this fallible point.

The company also says that over the coming months it will unveil a
range of other security initiatives including virtual private
networking (VPN) software, VPN hardware, Public Key Infrastructure
(PKI) products, and smart card technologies for WAP devices.

President and CEO of Cylink William Crowell argues that WAP's
credibility is at stake: "Problems will emerge when new WAP phones
enter the market unless security solutions that work with the proposed
WAP standards are in place," he says.

Analyst groups predict that mobile Internet use will explode in the
next few years making this potentially a very lucrative area for
Internet companies to exploit. The Gartner Group recently published
figures suggesting that by 2005, 95% of all mobile devices will be WAP
enabled.


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: