One 2016 survey that appeared in CNBC found nearly 60 percent of US consumers feel that their data is protected when using public Wi-Fi or Wireless network. Other findings show 50 percent feel that they have a personal responsibility to protect their data. Another 17 percent feel that the specific websites should ensure visitor data security, and the same portion believe that the Wi-Fi network vendor should take on all security responsibilities. In essence, the wireless access point (WAP) connection is not intrinsically unsafe. It gets insecure if is left unprotected – enabling the flow of data across it without any protection or encryptions. In truth, Wi-Fi hotspots are referred to as “secured” if it is protected with a WPA or WPA2 standard security protocol.So failure to secure yours with an impenetrable password validation process and encryptions exposes you to the danger of a breach. The aforementioned statistics show why Americans are never wary of the prying eyes of cybercriminals when accessing the internet through Wi-Fi networks. These felonious self-made data miners work to breach networks, so security should be priority number one whether you’re are logged in to a secure or private network.
There are a lot of security risks that come with sending you confidential data over WAP. This information can easily land in the wrong hands as hackers can effortlessly access and misuse it. That’s why you need to be careful when sharing your personal data or any private information over wireless network protocols. In this tech savvy millennium, people can use their smartphones for virtually everything including paying bills, shopping online, and so on. But this transaction information is easy to trace and hack hence you need to think of how to secure it. Wireless application protocol also called WAP is made up of a wireless network and a WAP gateway. Any request sent by a user from a Smartphone is first conveyed in Wireless Mark-up Language to the Wireless Application Protocol gateway. This info is then translated into a matching application in the HTTP format at the gateway and then sent to the web server. The file to be sent goes through the WAP gateway where the data is translated and compressed before being forwarded to the recipient. Therefore, the gateway serves as a proxy linking the customer to the server, but is often the weakest link from a security perspective. Here are two main reasons why you should avoid sharing sensitive information via wireless network protocol: 1.Transport-level security: This has to do with the communication between servers and client applications. The two rules guiding Transport-level security are: a) WTLS used through the air b) SSL used through the wire 2.Application-level security: App-level security deals with the protection/safety of use and involves use of encryptions and digital signatures. Developers often pay more attention to transport level security forgetting the importance of application level security. While a network-based radio network is more convenient, there are still a few security issues to worry about. Danny Bradbury delves into the problem areas and discovers what one can do to minimise risks. It seems like the 802.11b wireless standard was not one of Institute of Electrical and Electronic Engineers’ (IEEE) best innovations. There are a lot of security concerns surrounding its use. Broadcasting piles of data over a radius of 1,500m is very different from the use of cables. Cyber Security Experts are worried about the disparity between the frequency of use of wireless networks in the business world and the lack/low level of alertness of the weaknesses of local area networks (LANs). According to Geoff Davies, the MD at I-Sec, the disadvantage with broadcasting your private corporate data over a wider area is that you risk exposing it to smart fraudsters who are well-equipped with devices that can intercept signals. In a recent Infosec Security webinar in London, a team of experts from I-Sec demonstrated how easy it is to breach/hack into the wireless 802.11b network using just an empty tube filled with Pringles crisps and a wireless LAN sniffing service referred to as Netstumbler. Davies explained that the tube they used was the accurate length for the radio signal. A home-made piece of metal served as a 2.4GHz radio signal antenna, which helped boost the signal. To him, this means tricksters can access you info for as cheap as £85 (the cost of a home-made antennae).
WTLS creates a session between the Smartphone (client) and WAP gateway (server) in a stage known as handshake phase. Inthis phase, the security measures used in securing the session arediscussed. These include; signature algorithms, public keys, encryption protocols, and so on. As soon as one establishes a session, the system encrypts all the communication between theserver and client. WTLS also allows the user to suspendan ongoing session and pick up where they left off later. This means a session can last for as long as you like, even days. And your secret keys stay valid as long as session stays on— which increases the probability for a trickster to find your secret key. It’s no wonder WTLS enables renegotiation of keys during a session. WTLS also utilizes certificates. But since certificates weren’t originally designed to use on smartphones, WAP came up with an optimized format that’s specialized for use on smartphones and allows transmission across all networks in wireless 5. These certificates function more like regular X.509 certificates, only they sometimes depend on servers to initiate more processing.
WAP devices utilize the WIM (Wireless Identity Module) which has the essential public and private keys one needs to verify certificates and execute digital signatures respectively. The WIM is a tamper-proof tool that makes it difficult for cybercriminals to get hold of the keys stored in it. It measures up to the SIM in GSM.
One major threat with the wireless network or WAP is its gateway. However, it also has a few security loopholes in the WTLS protocol and a few potential threats on smartphones. Here are some important security issues. 1.
WAP doesn’t allow end-to-end data encryptions.WAP devices use Wireless Application Protocol gateway as an intermediary for communicating with web servers. WTLS only links the device to the gateway whereas SSL/TLS is usable on the gateway as well as the web server. The implication is that the WAP gateway holds (at least for some time) unencrypted data (often highly sensitive). For that reason gateway vendors must be sure to decrypt and re-encrypt keeping in mind that unencrypted data and keys are not saved on the disk, and that memory used in encryption and decryption should be erased before being restored to the OS (operating system). But how confident can the client be that this happens when there are no guarantees as regards to these precautions? The problem gets worse because WAP structural design completely presumes that the client (and the server) has confidence in the gateway. The repercussion is that the wireless network or Wireless Application Protocol gateway unencrypts all sensitive data which renders it a flaw for sensitive services like electronic banking. 2.
. The protocol used in data encryption all through WTLS sessions is decided upon during handshake phase. One can go for the 40-bit DES technique which uses a 5 byte key with 5 parity bits. The implication is that there are 35 dependable key bits in the 40-bit DES which makes it very easy for hackers to find the DES key. The 40-bit DES is an example of a weak encryption algorithm!
It’s crystal clear! Do not usea wireless network for sensitive services. Also, ensure your system doesn’t rely on weak “breacheable” encryption algorithms. WAP allows smartphones to browse the internet and is the wireless comparable of the TCP/IP. Its main strength is that it’s bearer independent. WAP’s security structural design is made up of three elements: the Smartphone, the internet and the gateway. Any communication linking the smartphone to the gateway is secured by WTLS. All WTLS traffic and SSL/TLS is decrypted by the Wireless Application Protocol gateway. And from a security stance, the gateway is considered the midway. For that reason, both the server and user must insist on a trustworthy gateway. But this isn’t always the situation though developers are constantly on the search for solutions to strengthen the midway. It seems like all the solutions they come up with have a few drawbacks. So while we anticipate better solutions, its wise be watchful when using the WAP. And for sensitive services, for example electronic banking, avoid using the WAP. However, for other simple applications, WAP will prove an excellent and resourceful piece of tech!!