Wap gateways will be 'hacker magnets'

The level of security threats will rise as companies link their IT infrastructures into the wireless world, opening themselves up to attacks on Wap gateways from mobile spam and even viruses on mobile phones.

These threats will add to those from device loss, with the only crumb of comfort being that wireless systems are inherently more robust, reducing the scope for denial of service attacks, according to researcher Gartner.

John Pescatore, Gartner vice-president, said a "fundamental lack of security will not slow adoption" of wireless technology and that security professionals need to focus on limiting the gap between desired and achieved levels of control, recognising that achieving business goals involves taking risks.

According to Gartner research, presented at its autumn Symposium/ITxpo this week, the pace at which network connection and content distribution methods are evolving is outstripping the ability of companies to securely support them, leaving firms in a state of constant risk.

Complex protocol stacks, weak encryption, shared keys, users' confusion, and bandwidth and device restrictions are encouraging vendors to take shortcuts with emerging mobile devices and services.

For example, as mobile phones become smarter, attacks through software updates and simple scripting will come to the fore, but Pescatore said the emergence of phone viruses will not be an issue until 2005. At that time service providers will need to have in place antiviral protection at the server level, because antiviral protection for individual mobile phones will likely be ineffective.

However, users should brace themselves for mobile spam, cookie stealing exploit bugs, file stealing and malicious content with each improvement in mobile phone functionality.

Pescatore said end-to-end wireless security, mainly because of the insecurity of Wap gateway - the software that provides the link between the internet and mobile phone networks - will not reach the level of that obtained over the internet until the first half of 2004.

A major target for hackers will be the Wap gateway, attacks on which can be mounted from anywhere on the internet. In particular the Wap gateways of service providers will act as 'hacker magnets' and are likely to be of insufficient strength for web transaction services, although good enough for email.

Gartner also predicts attackers will target WTLS (Wireless Transport Layer Security) in proof of concept attacks.

The analyst recommends that to guard against these problems companies will look to securely host Wap servers and employ available third-party software tools.