Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Security

Top How-Tos / Advice articles

Retail Wi-Fi wide open to hackers, study finds

The ghosts of TJX, anyone?

By Tom Jowitt | Techworld | Published: 10:35, 20 November 2007

A study has discovered that while retailers are physically securing their businesses to prevent theft, they are not taking the same precautions with their wireless security.

The "2007 Retail Shopping Wireless Security Survey" conducted by AirDefense, tested the wireless "perimeters" of 3,000 shops across the United States and parts of Europe. It discovered that of 2,500 wireless devices such as laptops, hand-helds, and barcode scanners detected, 85 percent of these were wide open to hacking.

This is mostly down to data leakage, mis-configured access points, outdated access point firmware, poor naming choices for access points, and a "cookie-cutter" technology approach by large retailers.

The survey also monitored nearly 5,000 access points, and AirDefense discovered that 25 percent were unencrypted. The good news was that 74 percent were encrypted, but 25 percent used Wired Equivalent Privacy (WEP), one of the weakest protocols for wireless data encryption. Forty-nine percent used Wi-Fi Protected Access (WPA) or WPA 2, the two strongest encryption protocols.

As would be expected, the study found that retailers maintained much stronger physical security measures than wireless security.

"Retailers today are much more adept at preventing or minimising shoplifting by using a layered security approach, but the same can’t be said for wireless security, where mis-configured or unencrypted access points were evident in every city," said Mike Potts, president and CEO of AirDefense.

Indeed, it seems that the most common data security lapses involved mis-configured access points that open backdoors to data. Some of the networks were discovered to be fresh out of the box, using default configurations and SSID (Service Set Identification), such as retail wireless, POS WIFI, or store#1234. This is especially dangerous, as it shows hackers that nothing has been changed on these wireless networks.

The importance of securing networks was highlighted last week when a study by security vendor Sophos found that 54 percent of computer users had "piggybacked" on other people’s Wi-Fi connections.

Retailer TJX was hit earlier this year by a highly damaging data breach when at least 94 million credit and debit card accounts were stolen from its computers by hackers.

In an effort to help, AirDefense has unveiled a list of 'best practices' that consumers and retailers can use to protect themselves while using their wireless devices at locations offering Wi-Fi networks.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.