Experts applaud move to close WAP security hole

According to cryptography experts, current encryption techniques leave wireless transactions open to fraud, but the Advanced Encryption Algorithm (AES) standard, now clears the way for the development of far more secure applications.

Guy Tweedale, EMEA director at Extensity, wireless software developer, said: "There has been a well known security hole with public WAP gateways, therefore any standard which will allow the development of more secure technology is welcome."

William Whyte, senior cryptographer at Baltimore Technologies, added: "The point of vulnerability lies at the gateway of a WAP server which potentially could allow anyone to read that message. The universal adoption of AES should make it possible for people to encrypt directly from the wireless device to any web server and it will subsequently remove the point of vulnerability."

Stuart Hillston, chief technology officer at business campaign group Interforum, said the standard will create the much-needed confidence in the m-commerce arena.

He said: "The creation of algorithm standard itself is a step forward. Customers just want to know whether they can interact safely over the internet and mobiles and if the vendors can come up with the goods, it can only have a positive effect."

The AES standard was agreed last Monday by the National Institute of Standards and Technology (NIST) - an arm of the US government's commerce department.

Algorithms based on the AES standard can be used to develop applications that allow sending encrypted information from a mobile device to a website without the need to decrypt and re-encrypt the message at the WAP gateway level.