London worst for retail wireless security

The latest research has found retailers are learning the lessons of last year’s TJX hack and improving their wireless network security, but London lags behind.

London has come in at the bottom of the pile when it comes to wireless security protection used by retailers, according to the second annual survey of 4,000 stores in some of the world's busiest shopping cities.

The research also found 44 per cent of the wireless devices used by retailers such as laptops, mobile computers and barcode scanners could be compromised.

Advertisement - Article continues below

This was still significantly lower than the 85 per cent of wireless devices that had security vulnerabilities in the same survey last year, around the same time as details of the Wi-Fi hack at US retailer TJX, causing one of the biggest known theft of credit card details in the world.

Motorola scanned the airwaves at major shopping centres across the US and in London, Paris, Seoul and Sydney for the presence of wireless networks using systems from the wireless local area network (WLAN) network security provider, AirDefense it acquired in September last year.

The Motorola AirDefense survey monitored 7,940 access points (APs) and found 32 per cent were unencrypted, compared to 26 per cent in last year's survey.

London was ranked the lowest in terms of retail wireless security, where only 51 per cent of APs scanned using some form of encryption. Retailers in Los Angeles and New York came out top, deploying some form of encryption on 77 per cent of their wireless APs and Paris ranked second with 76 per cent.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Overall, a quarter (25 per cent) were still using Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption.

But new WEP deployments are prohibited by version 1.2 of the Payment Card Industry (PCI) Data Security Standard (DSS) in any part of the cardholder data environment (CDE) beyond 31 March 2009 and must eliminated from the CDE by 30 June 2010.

The research pointed out that, by using the same technology, configuration, security and naming conventions at every retail location, merchants can essentially repeat vulnerabilities across the store chain, rendering them non-PCI compliant and susceptible to attack.

Richard Rushing, Motorola Mobile Devices senior director of information security said that, despite an improvement on the numbers of vulnerable wireless devices found, "a significant majority of retailers are still susceptible to a network intrusion".

"[It's] a sign that wireless security remains an afterthought for many," he added.

A further 12 per cent of all APs monitored were using Wi-Fi Protected Access (WPA) security protocol protection, while 27 per cent were using WPA-PSK (pre-shared key), which can only be as strong as the shared password used to protect them. Overall, only seven per cent of retailers were using WPA2, the strongest Wi-Fi security protocol available today.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/mobile/mobile-security/355889/parachute-introduces-superlock-feature
mobile security

Parachute's Superlock feature keeps your phone recording in an emergency

2 Jun 2020
Visit/security/encryption/355820/k2view-innovates-in-data-management-with-new-encryption-patent
encryption

K2View innovates in data management with new encryption patent

28 May 2020
Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020

Most Popular

Visit/security/ransomware/355891/nasa-it-contractor-ransomware-hack
ransomware

Ransomware collective claims to have hacked NASA IT contractor

3 Jun 2020
Visit/security/exploits/355866/critical-vmware-cloud-director-exploit-lets-hackers-seize-corporate
exploits

VMware Cloud Director exploit lets hackers seize corporate servers

2 Jun 2020
Visit/data-insights/data-science/355678/how-data-science-is-transforming-business
Sponsored

How data science is transforming business

29 May 2020