Re[2]: WAP Push for transaction approval
Hello Rene, I think this is the reason why wap is not popular in banking apps, still sms more pop. Rene, I have a question, where i can have to WTLS patch? TIA, Jul Saturday, July 16, 2005, 9:13:09 AM, you wrote: Depending on the phone, a WAP Push brings up a message on the screen, asking if the user wants to see the page that is contained in the WAP Push. For security reasons, if you want to use Kannel also as the WAP Gateway, you will need the WTLS patch (secure wap, kind of like using http/s). Another note on security: a WAP Push can easily be forged by anyone. A 'malicious user' can send a WAP Push with the sender-id of the bank, leading it to a page that looks similar to what you expect, but in fact it is another page. Not all phones display the actual URL, but merely just the description that is send along with the WAP Push. Besides that, most users have WAP configured with the WAP gateway of their provider, which leaves opportunities open for a man-in-the-middle attack. Email me if you want to know more details. Cheers, Rene Kluwen Chimit Good day, I have used Kannel in the past as a pure SMS gateway. For the last couple of days, I've been looking for a partial replacement for a SIM Toolkit application when I saw that one of Kannel's features is a WAP Push. Does anyone know what the effect is of receiving a WAP push on the mobile side? Can it only put a message in the mobile's inbox, or am I able to bring up a screen to allow a user to accept or decline a transaction. This is for a banking application, so any advice on security will aslo be of interest. -- Best regards, julyantomailto:[EMAIL PROTECTED]
Re: WAP Push for transaction approval
Essentially, Kannel will send an url to the phone, and the phone will fetch it.aarnoOn 15.7.2005, at 14.44, [EMAIL PROTECTED] wrote:Good day, I have used Kannel in the past as a pure SMS gateway. For the last couple of days, I've been looking for a partial replacement for a SIM Toolkit application when I saw that one of Kannel's features is a WAP Push. Does anyone know what the effect is of receiving a WAP push on the mobile side? Can it only put a message in the mobile's inbox, or am I able to bring up a screen to allow a user to accept or decline a transaction. This is for a banking application, so any advice on security will aslo be of interest. Thanks a stack, Jack *** DISCLAIMER The contents of this e-mail and any attachments thereto, are strictly confidential, and are intended solely for the use of the named recipient(s). If you have received this e-mail in error, you may not disclose, distribute or preserve it, but must delete it. Please notify the sender immediately by return e-mail. The sentiments and opinions contained in this email and any attachments thereto, are those of the writer personally and, unless expressly and unequivocally stated otherwise, are not the sentiments or opinions of Fundamo (Pty) Ltd. Fundamo (Pty) Ltd shall not be liable for any damage, harm or loss of any nature sustained by a recipient, whether named or not, as a direct or indirect result of any action or inaction taken by the recipient in response to the information contained herein. Fundamo (Proprietary) Limited - Registration Number 2000/004901/07 Email: [EMAIL PROTECTED] Tel: +27 21 943 2200 Fax: +27 21 914 3408
WAP Push for transaction approval
Good day, I have used Kannel in the past as a pure SMS gateway. For the last couple of days, I've been looking for a partial replacement for a SIM Toolkit application when I saw that one of Kannel's features is a WAP Push. Does anyone know what the effect is of receiving a WAP push on the mobile side? Can it only put a message in the mobile's inbox, or am I able to bring up a screen to allow a user to accept or decline a transaction. This is for a banking application, so any advice on security will aslo be of interest. Thanks a stack, Jack *** DISCLAIMER The contents of this e-mail and any attachments thereto, are strictly confidential, and are intended solely for the use of the named recipient(s). If you have received this e-mail in error, you may not disclose, distribute or preserve it, but must delete it. Please notify the sender immediately by return e-mail. The sentiments and opinions contained in this email and any attachments thereto, are those of the writer personally and, unless expressly and unequivocally stated otherwise, are not the sentiments or opinions of Fundamo (Pty) Ltd. Fundamo (Pty) Ltd shall not be liable for any damage, harm or loss of any nature sustained by a recipient, whether named or not, as a direct or indirect result of any action or inaction taken by the recipient in response to the information contained herein. Fundamo (Proprietary) Limited - Registration Number 2000/004901/07 Email: [EMAIL PROTECTED] Tel: +27 21 943 2200 Fax: +27 21 914 3408
Re: WAP Push for transaction approval
Depending on the phone, a WAP Push brings up a message on the screen, asking if the user wants to see the page that is contained in the WAP Push. For security reasons, if you want to use Kannel also as the WAP Gateway, you will need the WTLS patch (secure wap, kind of like using http/s). Another note on security: a WAP Push can easily be forged by anyone. A 'malicious user' can send a WAP Push with the sender-id of the bank, leading it to a page that looks similar to what you expect, but in fact it is another page. Not all phones display the actual URL, but merely just the description that is send along with the WAP Push. Besides that, most users have WAP configured with the WAP gateway of their provider, which leaves opportunities open for a man-in-the-middle attack. Email me if you want to know more details. Cheers, Rene Kluwen Chimit Good day, I have used Kannel in the past as a pure SMS gateway. For the last couple of days, I've been looking for a partial replacement for a SIM Toolkit application when I saw that one of Kannel's features is a WAP Push. Does anyone know what the effect is of receiving a WAP push on the mobile side? Can it only put a message in the mobile's inbox, or am I able to bring up a screen to allow a user to accept or decline a transaction. This is for a banking application, so any advice on security will aslo be of interest. Thanks a stack, Jack *** DISCLAIMER The contents of this e-mail and any attachments thereto, are strictly confidential, and are intended solely for the use of the named recipient(s). If you have received this e-mail in error, you may not disclose, distribute or preserve it, but must delete it. Please notify the sender immediately by return e-mail. The sentiments and opinions contained in this email and any attachments thereto, are those of the writer personally and, unless expressly and unequivocally stated otherwise, are not the sentiments or opinions of Fundamo (Pty) Ltd. Fundamo (Pty) Ltd shall not be liable for any damage, harm or loss of any nature sustained by a recipient, whether named or not, as a direct or indirect result of any action or inaction taken by the recipient in response to the information contained herein. Fundamo (Proprietary) Limited - Registration Number 2000/004901/07 Email: [EMAIL PROTECTED] Tel: +27 21 943 2200 Fax: +27 21 914 3408