Retail Wi-Fi wide open to hackers, study finds

Survey finds that while retailers maintain stronger physical security measures, 85 percent of wireless devices used at shops are open to hacking

By Tom Jowitt, Techworld.com
November 20, 2007

Talkback

E-mail

Printer Friendly

Reprints

A study has discovered that while retailers are physically securing their businesses to prevent theft, they are not taking the same precautions with their wireless security.

The "2007 Retail Shopping Wireless Security Survey" conducted by AirDefense, tested the wireless "perimeters" of 3,000 shops across the United States and parts of Europe. It discovered that of 2,500 wireless devices such as laptops, hand-helds, and barcode scanners detected, 85 percent of these were wide open to hacking.

This is mostly down to data leakage, misconfigured access points, outdated access point firmware, poor naming choices for access points, and a "cookie-cutter" technology approach by large retailers.

The survey also monitored nearly 5,000 access points, and AirDefense discovered that 25 percent were unencrypted. The good news was that 74 percent were encrypted, but 25 percent used Wired Equivalent Privacy (WEP), one of the weakest protocols for wireless data encryption. Forty-nine percent used Wi-Fi Protected Access (WPA) or WPA 2, the two strongest encryption protocols.

As would be expected, the study found that retailers maintained much stronger physical security measures than wireless security.

"Retailers today are much more adept at preventing or minimizing shoplifting by using a layered security approach, but the same can't be said for wireless security, where misconfigured or unencrypted access points were evident in every city," said Mike Potts, president and CEO of AirDefense.

Indeed, it seems that the most common data security lapses involved misconfigured access points that open backdoors to data. Some of the networks were discovered to be fresh out of the box, using default configurations and SSID (Service Set Identification), such as retail wireless, POS Wi-Fi, or store#1234. This is especially dangerous, as it shows hackers that nothing has been changed on these wireless networks.

The importance of securing networks was highlighted last week when a study by security vendor Sophos found that 54 percent of computer users had "piggybacked" on other people's Wi-Fi connections.

Retailer TJX was hit earlier this year by a highly damaging data breach when at least 94 million credit and debit card accounts were stolen from its computers by hackers.

In an effort to help, AirDefense has unveiled a list of 'best practices' that consumers and retailers can use to protect themselves while using their wireless devices at locations offering Wi-Fi networks.

Techworld.com is an InfoWorld affiliate.

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

XP SP3 cripples some PCs with endless reboots

OpenOffice.org beta fails the Office 2007 test

Microsoft faults OEMs for some XP SP3 endless reboots

Apple slammed on climate change

>> Talkback: Have your say

Virtualization: A Step by Step Approach to Success
Your virtual machines can be up and running in a matter of minutes. HP and Citrix have integrated XenServer with HP ProLiant servers and management tools, powered by hardware-assisted Intel Virtualization Technology to enable high- performance, cost-savings solutions for server consolidation and disaster recovery. Sponsor: HP

» Click here to view this Webcast

Storage is big, and getting bigger
The only certainty is that your requirement for storage will never be satisfied. While you clean out space and authorize POs, you might consider another alternative: outsourcing. The best way to deal with storage might be to let someone else deal with it. Sponsored by SGI

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Need simple, low cost server virtualization? - Do more with less. Support fewer servers. Simplify disaster recovery. Implement proven, easy-to-use server virtualization...
Virtually Limitless Virtual Storage - Do you need virtualization space savings of 50% or more with virtually no performance impact? You might be able to get storage...
Invisible IT? - The goal of IT is to become an invisible entity within a larger organization. Eliminating visibility and road blocks IT ...
It Really Is Easy to be Green - "Green IT" is a popular concept. And IT organizations are learning the influence that IT purchase decisions have on data...
Key Strategies For SOA Testing - SOA requires a unique approach to testing. Unless you're willing to reorient your testing procedures and technology now,...
The Missing Piece of Virtualization - Server virtualization saves money and increases flexibility. But, challenges exist as I/O-intensive applications like databases...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Retail Wi-Fi wide open to hackers, study finds

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit CA - Manage your IT more effectively. Efficient - Flexible - Compliant CA - Plan better, manage better. Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. Rackspace - Fanatical Support Promise: Live Support 24x7x365 HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW Collabnet - Virtual Test Lab Automation: Manage development infrastructure HP - StorageWorks All-in-One Storage Systems. hp.com/betterstorage HP - Improve Resource Utilization and Lower Operating Costs Ipswitch - WhatsUp Gold V12 - network management & monitoring for any size network. HP - Webcast: 5 Things You Need to Know About Storage Virtualization Xerox - Typhoon 8860: Enter to win a Xerox PhaserTM 8860 network color printer! BEA - Webcast: Dialing up Agility with Business Transformation Verisign - Protect Your Data with SSL HP - Speed, agility, flexibility - The HP BladeSystem c-Class. InterSystems - Development, integration, BPM, and BAM together in Ensemble Citrix - Need simple, low cost server virtualization? Xerox - Enter to win a Xerox Phaser(TM) 6180 network color printer! Mindreef - Key Strategies For SOA Testing		Citrix - Go green.Virtualize servers with Citrix XenServer(TM) - FREE Citrix - Instant server virtualization. Citrix XenServer(TM) - Free! HP - Virtualization: A Step by Step Approach to Success Microsoft - Tech-Ed 08\|Microsoft's largest tech conference\|June 08 in Orlando Neterion - The Missing Piece of Virtualization Seagate - Maxtor OneTouch(tm) 4 Mini backs up your PC on the go Box.net - Upgrade Your Classic Collaboration Tools Overland Security - The Data Protection You've Been Looking For Lefthand Networks - Free White Paper on Matching Server & Storage Virtualization Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Tripwire - Secure your virtual and physical environments with the same software. Crosscheck Networks - Accelerate Your SOA Projects Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM Microsoft - Microsoft Forefront security products for business. Learn more. Oracle - Fueling the Responsive Enterprise Microsoft - Meet Windows Server 2008. The server unleashed. Microsoft - Tech-Ed 08\|Microsoft's largest tech conference\|June 08 in Orlando Microsoft - {Open Source} Heroes Happen Here Xerox - Enter to win a Xerox Phaser(TM) 6360 network color printer! Vizioncore - Vizioncore has solutions for virtually any virtual need.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS IT EXEC-CONNECT	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist