London worst for retail wireless security

The latest research has found retailers are learning the lessons of last year’s TJX hack and improving their wireless network security, but London lags behind.

London has come in at the bottom of the pile when it comes to wireless security protection used by retailers, according to the second annual survey of 4,000 stores in some of the world's busiest shopping cities.

The research also found 44 per cent of the wireless devices used by retailers such as laptops, mobile computers and barcode scanners could be compromised.

This was still significantly lower than the 85 per cent of wireless devices that had security vulnerabilities in the same survey last year, around the same time as details of the Wi-Fi hack at US retailer TJX, causing one of the biggest known theft of credit card details in the world.

Motorola scanned the airwaves at major shopping centres across the US and in London, Paris, Seoul and Sydney for the presence of wireless networks using systems from the wireless local area network (WLAN) network security provider, AirDefense it acquired in September last year.

The Motorola AirDefense survey monitored 7,940 access points (APs) and found 32 per cent were unencrypted, compared to 26 per cent in last year's survey.

London was ranked the lowest in terms of retail wireless security, where only 51 per cent of APs scanned using some form of encryption. Retailers in Los Angeles and New York came out top, deploying some form of encryption on 77 per cent of their wireless APs and Paris ranked second with 76 per cent.

Overall, a quarter (25 per cent) were still using Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption.

But new WEP deployments are prohibited by version 1.2 of the Payment Card Industry (PCI) Data Security Standard (DSS) in any part of the cardholder data environment (CDE) beyond 31 March 2009 and must eliminated from the CDE by 30 June 2010.

The research pointed out that, by using the same technology, configuration, security and naming conventions at every retail location, merchants can essentially repeat vulnerabilities across the store chain, rendering them non-PCI compliant and susceptible to attack.

Richard Rushing, Motorola Mobile Devices senior director of information security said that, despite an improvement on the numbers of vulnerable wireless devices found, "a significant majority of retailers are still susceptible to a network intrusion".

"[It's] a sign that wireless security remains an afterthought for many," he added.

A further 12 per cent of all APs monitored were using Wi-Fi Protected Access (WPA) security protocol protection, while 27 per cent were using WPA-PSK (pre-shared key), which can only be as strong as the shared password used to protect them. Overall, only seven per cent of retailers were using WPA2, the strongest Wi-Fi security protocol available today.

Featured Resources

How virtual desktop infrastructure enables digital transformation

Challenges and benefits of VDI

Free download

The Okta digital trust index

Exploring the human edge of trust

Free download

Optimising workload placement in your hybrid cloud

Deliver increased IT agility with the cloud

Free Download

Modernise endpoint protection and leave your legacy challenges behind

The risk of keeping your legacy endpoint security tools

Download now

Recommended

CronRat Magecart malware uses 31st February date to remain undetected
malware

CronRat Magecart malware uses 31st February date to remain undetected

26 Nov 2021
Going contactless with shoppers in a post-COVID world
Whitepaper

Going contactless with shoppers in a post-COVID world

13 Jul 2021
The AI-powered supply chain
Whitepaper

The AI-powered supply chain

8 Jun 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

6 Jan 2022