WAP may Stumble over the Gateway (Security in WAP-based Mobile Commerce)

The key design idea underlying the Wireless Application Protocol (WAP) is to use a gateway at the intersection of the wireless mobile network and the traditional, wired network. The WAP gateway forwards web content to the mobile phone in a way intended to accommodate the limited bandwidth of the mobile network and the mobile phone’s limited processing capability. However, the gateway introduces a security hole which may render WAP unsuitable for m-commerce and other security-sensitive transactions and services on the emerging mobile Internet. The paper explains the security hole and the gateway-based design that has led to it, including the technical and business considerations underlying the design. A number of ways to correct the situation are discussed, including a complete re-design of WAP as proposed for the future version 2.0 of the protocol.