Time to wake up
Unfortunately, security experts say, not enough IT managers have heard or heeded the wireless security wake-up call. While companies have been busy implementing wireless access to their e-commerce sites and WLANs (wireless LANs) for enterprise applications, wireless transactions continue to have a much higher rate of failureâ€"up to three times the rate experienced by PC-based transactions, experts say. Many of those failures are due to wireless security vulnerabilities.
As the number of wireless devices and wireless enterprise applications grows, IT managers who haven't developed coherent wireless security strategies could soon be inundated. According to International Data, the number of wireless devices in the United States with two-way access to the Internet is expected to increase to 61.5 million by 2003. And by the middle of this year, IDC forecasts that all cell and Personal Communications Service phones will be Internet-enabled using WAP.
Already, the battle to protect wireless users has begun. Last June, computer security experts intercepted Timo fonica, a virus similar to the Love Letter virus designed to attack cell phones with text capabilities. And in September, security experts warned of the Liberty Crack virus, a PalmPilot Trojan horse disguised as a Game Boy emulator that deleted files.
"A lot of people are trying to figure out how to make money on the wireless Web, and it all hinges on being able to secure wireless transactions," said Joe LaMuraglia, director of wireless initiatives for Edmunds.com, an online purveyor of automotive pricing information. "Security is an issue we and our partners can't afford to ignore."
So, what's so unique and scary about security issues posed by m-commerce? For one thing, whereas PC-based applications can be secured using strong authentication and encryption, developers must work with wireless devices' limited memory, which makes the use of strong authentication and encryption difficult. A scaled-down form of SSL (Secure Sockets Layer) encryption is the only available option for most wireless developers.
At the same time, wireless developers must be able to support the multiple protocols used by devices such as mobile phones and handhelds. Each has its own built-in security features, some stronger than others.
Wireless developers have a unique authentication challenge. Because wireless devices such as cell phones and PDAs are small and highly mobile, they are easily and frequently stolen. That means user authentication is critical for secure m-commerce. Unfortunately, experts say, many current wireless protocols come up short on authentication.
