WAP enables mobile phones to browse the internet. It is the wireless equivalent to TCP/IP and has the big advantage of being bearer independent. The security architecture of WAP consists of three parts: the mobile phone, the WAP gateway, and the Internet. The communication between the mobile phone and the gateway is protected by WTLS, a wireless version of SSL/TLS, while the traffic from the gateway to the Internet can be protected by SSL/TLS.
The WAP gateway decrypts all the WTLS traffic and encrypts all the SSL/TLS traffic. From a security point of view, this means that the gateway should be considered as an entity-in-the-middle. It is due to this fact that both the user and the web server on the Internet have to trust the WAP gateway.
As this is not always the case, solutions have been searched for to avoid this entity-in-the-middle. All these solutions have some disadvantages: the user has to configure his own system (choose the WAP gateway) or all the WAP gateways and servers have to be upgraded. Until better solutions are found, it is a good idea to be cautious when using WAP. When you want to execute some sensitive application (like electronic banking), it is maybe a good idea not to use WAP.
For other applications, WAP is a nice and ingenious technology.WAP provides a markup language and transport protocol standards that create the opportunity for the wireless environment and give businesses from all levels of the industry access to a new market still in its infancy. Major companies are beginning to develop WAP applications that allow people to control their finances on their WAP devices. There is a lot of money being invested in this technology.
This means that it is a standard that will be around for quite a while because users and companies will be reluctant to abandon their applications that they have already invested a great amount of time and money into should the holes in WAP not be fixed. WAP has the potential to lead or restrict the wireless revolution. This is why it is important to discuss the security issues that are present.
The WAP Forum must address these issues raised in upcoming WAP versions to make sure that information remains safe when someone uses their wireless device for confidential data transmission and thinks they are getting a secure connection from one end to the other. If their vision is what they are planning to implement WAP will definitely bridge the gap between the mobile world and the Internet.