Safe Surfing on the Wireless Web

Trading stocks or buying plane tickets on your mobile phone may be convenient, but how secure is an instrument that routinely disconnects when you talk?

With the coming of wireless application protocol for phones and wireless personal digital assistants, the Web is now mobile. Portals like Yahoo let you check e-mail and stocks, while electronic commerce sites like Amazon.com let you shop while you walk. Still, with hackers continuously attacking the wire-line Internet, how secure is the wireless Web?

As Good (or Bad) as the Net

It's true that people could eavesdrop on calls made with analog phones, says Craig Mathius, a principal at the Farpoint Group, an advisory and integration firm specializing in wireless.

"With digital phones [which Web phones are], this is not possible; digital calls are encrypted," he says.

Wireless carriers, WAP sites, and other technology providers tell us the wireless Web browser is as secure as using a regular browser. But experts say there's room for improvement.

"The hype over the wireless Web far exceeds the reality," Mathius says. "We'll get to the point where security over wireless is good enough, but I have to be convinced.… Personally, I don't buy stocks on cell phones."

He's learned from bad experience on the wire-line Internet, Mathius adds.

"I've has my credit card number stolen twice now," Mathius says. He figures, why conduct risky transactions unnecessarily?

Many credit card companies promise to back you if your card is pilfered during Net transactions. Still, more than 60 percent of us think it is too easy for credit card information to be stolen online, according to Cyber Dialogue's 1999 American Internet User Survey.

Security on Two Levels

The wireless Web may offer some extra safety. Wireless transactions both encrypt information and provide authentication to prove your identity.

"WAP has features for both. The question is: Are they good enough? And that's hard to answer," Mathius says.

Phone.com licenses its UP.browser, an early version of the WAP browser, to mobile phone services in the United States. The company says its browser is as secure as the browser on your desktop.

"We use the same types of algorithms and encryption strengths as people do over the Internet," says Roger Snyder, senior product manager of Phone.com.

Safety in Flight

Because wireless data travels two roads--airwaves and the Internet--it could be argued that it is twice as vulnerable or doubly secure as Internet data.

WAP adds a second layer, wireless transport layer security (WTLS), on top of the base voice encryption that digital protocols use, Snyder says. "WTLS is a version of TLS, what SSL [Secure Sockets Layer] has become," he says.

Once data travels from the handset to the cellular base station, it hits the wire-line Internet, where it is encrypted with standard SSL, or TLS, security.

Individual sites don't have to implement WTLS to secure the transactions of their wireless customers; they just use standard encryption, Snyder says.