Mobile web boom leaves WAP gateway open to infection

Next generation mobile phones that can access the internet will create potentially devastating security holes that could leave corporate networks open to assault, security experts warned last week.

Next generation mobile phones that can access the internet will create potentially devastating security holes that could leave corporate networks open to assault, security experts warned last week.

Geoff Readman, sales director at WAP server hosting firm WapHQ, said the use of WAP-enabled mobile telephones is risky for corporate or sensitive data.

Mobile internet applications use an interface between the mobile phone network and the Internet, termed a WAP gateway. This gateway converts WAP requests into HTTP format, and redirects the Web server's HTTP responses back to the phone.

Readman said that without effective security procedures corporates were opening themselves up to security breaches.

Security concerns about WAP grew last week when it was revealed that researchers at security vendor F-Secure's lab had been able to write code that reboots a phone remotely, allowing names, addresses and other information on it to be stolen.

This exploits the fact that many mobile phones can be configured by remote control. WAP services can be switched on by sending the phone commands, which are then recorded on its SIM card.

Jason Holloway, UK manager of F-Secure, said anti-virus software to prevent such attacks needed to be put in place before virus writers started distributing malicious code.

Analyst GartnerGroup confirmed this view. It predicted that, by 2005, at least 10 per cent of attacks on enterprise networks will be caused by an infected mobile device spreading hostile code.

A representative for Orange claimed security measures built into WAP meant that only network operators and SIM card makers could reconfigure it.