An IS auditor is performing a network security review of a telecom company that provides Internet connection services to shopping malls for their wireless customers. The company uses Wireless Transport Layer Security (WTLS) and Secure Sockets Layer (SSL) technology for protecting their customer’s payment information. The IS auditor should be MOST concerned if a hacker:

A.
compromises the Wireless Application Protocol (WAP) gateway.

B.
installs a sniffing program in front of the server.

C.
steals a customer’s PDA.

D.
listens to the wireless transmission.

Explanation:
In a WAP gateway, the encrypted messages from customers must be decrypted to transmit over the Internet and vice versA . Therefore, if the gateway is compromised, all of the messages would be exposed. SSL protects the messages from sniffing on the Internet, limiting disclosure of the customer’s information. WTLS provides authentication, privacy and integrity and prevents messages from eavesdropping.