Retail Wi-Fi wide open to hackers, study finds

The ghosts of TJX, anyone?

A study has discovered that while retailers are physically securing their businesses to prevent theft, they are not taking the same precautions with their wireless security.

The "2007 Retail Shopping Wireless Security Survey" conducted by AirDefense, tested the wireless "perimeters" of 3,000 shops across the United States and parts of Europe. It discovered that of 2,500 wireless devices such as laptops, hand-helds, and barcode scanners detected, 85 percent of these were wide open to hacking.

This is mostly down to data leakage, misconfigured access points, outdated access point firmware, poor naming choices for access points, and a "cookie-cutter" technology approach by large retailers.

The survey also monitored nearly 5,000 access points, and AirDefense discovered that 25 percent were unencrypted. The good news was that 74 percent were encrypted, but 25 percent used Wired Equivalent Privacy (WEP), one of the weakest protocols for wireless data encryption. Forty-nine percent used Wi-Fi Protected Access (WPA) or WPA 2, the two strongest encryption protocols.

As would be expected, the study found that retailers maintained much stronger physical security measures than wireless security.

"Retailers today are much more adept at preventing or minimizing shoplifting by using a layered security approach, but the same can't be said for wireless security, where misconfigured or unencrypted access points were evident in every city," said Mike Potts, president and CEO of AirDefense.

Indeed, it seems that the most common data security lapses involved misconfigured access points that open backdoors to data. Some of the networks were discovered to be fresh out of the box, using default configurations and SSID (Service Set Identification), such as retail wireless, POS Wi-Fi, or store#1234. This is especially dangerous, as it shows hackers that nothing has been changed on these wireless networks.

The importance of securing networks was highlighted last week when a study by security vendor Sophos found that 54 percent of computer users had "piggybacked" on other people's Wi-Fi connections.

Retailer TJX was hit earlier this year by a highly damaging data breach when at least 94 million credit and debit card accounts were stolen from its computers by hackers.

In an effort to help, AirDefense has unveiled a list of 'best practices' that consumers and retailers can use to protect themselves while using their wireless devices at locations offering Wi-Fi networks.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tom Jowitt

Techworld.com

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?