London worst for retail wireless security

gallery

London has come in at the bottom of the pile when it comes to wireless security protection used by retailers, according to the second annual survey of 4,000 stores in some of the world’s busiest shopping cities.

The research also found 44 per cent of the wireless devices used by retailers – such as laptops, mobile computers and barcode scanners – could be compromised.

This was still significantly lower than the 85 per cent of wireless devices that had security vulnerabilities in the same survey last year, around the same time as details of the Wi-Fi hack at US retailer TJX, causing one of the biggest known theft of credit card details in the world.

Motorola scanned the airwaves at major shopping centres across the US and in London, Paris, Seoul and Sydney for the presence of wireless networks using systems from the wireless local area network (WLAN) network security provider, AirDefense it acquired in September last year.

The Motorola AirDefense survey monitored 7,940 access points (APs) and found 32 per cent were unencrypted, compared to 26 per cent in last year’s survey.

London was ranked the lowest in terms of retail wireless security, where only 51 per cent of APs scanned using some form of encryption. Retailers in Los Angeles and New York came out top, deploying some form of encryption on 77 per cent of their wireless APs and Paris ranked second with 76 per cent.

Overall, a quarter (25 per cent) were still using Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption.

But new WEP deployments are prohibited by version 1.2 of the Payment Card Industry (PCI) Data Security Standard (DSS) in any part of the cardholder data environment (CDE) beyond 31 March 2009 and must eliminated from the CDE by 30 June 2010.

The research pointed out that, by using the same technology, configuration, security and naming conventions at every retail location, merchants can essentially repeat vulnerabilities across the store chain, rendering them non-PCI compliant and susceptible to attack.

Richard Rushing, Motorola Mobile Devices senior director of information security said that, despite an improvement on the numbers of vulnerable wireless devices found, “a significant majority of retailers are still susceptible to a network intrusion”.

“[It's] a sign that wireless security remains an afterthought for many,” he added.

A further 12 per cent of all APs monitored were using Wi-Fi Protected Access (WPA) security protocol protection, while 27 per cent were using WPA-PSK (pre-shared key), which can only be as strong as the shared password used to protect them. Overall, only seven per cent of retailers were using WPA2, the strongest Wi-Fi security protocol available today.

Email to a friend

Print this page