London worst for retail wireless security

The latest research has found retailers are learning the lessons of last year’s TJX hack and improving their wireless network security, but London lags behind.

London has come in at the bottom of the pile when it comes to wireless security protection used by retailers, according to the second annual survey of 4,000 stores in some of the world's busiest shopping cities.

The research also found 44 per cent of the wireless devices used by retailers such as laptops, mobile computers and barcode scanners could be compromised.

This was still significantly lower than the 85 per cent of wireless devices that had security vulnerabilities in the same survey last year, around the same time as details of the Wi-Fi hack at US retailer TJX, causing one of the biggest known theft of credit card details in the world.

Motorola scanned the airwaves at major shopping centres across the US and in London, Paris, Seoul and Sydney for the presence of wireless networks using systems from the wireless local area network (WLAN) network security provider, AirDefense it acquired in September last year.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The Motorola AirDefense survey monitored 7,940 access points (APs) and found 32 per cent were unencrypted, compared to 26 per cent in last year's survey.

London was ranked the lowest in terms of retail wireless security, where only 51 per cent of APs scanned using some form of encryption. Retailers in Los Angeles and New York came out top, deploying some form of encryption on 77 per cent of their wireless APs and Paris ranked second with 76 per cent.

Overall, a quarter (25 per cent) were still using Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption.

But new WEP deployments are prohibited by version 1.2 of the Payment Card Industry (PCI) Data Security Standard (DSS) in any part of the cardholder data environment (CDE) beyond 31 March 2009 and must eliminated from the CDE by 30 June 2010.

The research pointed out that, by using the same technology, configuration, security and naming conventions at every retail location, merchants can essentially repeat vulnerabilities across the store chain, rendering them non-PCI compliant and susceptible to attack.

Richard Rushing, Motorola Mobile Devices senior director of information security said that, despite an improvement on the numbers of vulnerable wireless devices found, "a significant majority of retailers are still susceptible to a network intrusion".

Advertisement - Article continues below

"[It's] a sign that wireless security remains an afterthought for many," he added.

A further 12 per cent of all APs monitored were using Wi-Fi Protected Access (WPA) security protocol protection, while 27 per cent were using WPA-PSK (pre-shared key), which can only be as strong as the shared password used to protect them. Overall, only seven per cent of retailers were using WPA2, the strongest Wi-Fi security protocol available today.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/security/cyber-security/354468/if-not-passwords-then-what
cyber security

If not passwords then what?

8 Jan 2020
Visit/policy-legislation/31772/gdpr-and-brexit-how-will-one-affect-the-other
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020