A study has discovered that while retailers are physically securing their businesses to prevent theft, they are not taking the same precautions with their wireless security.
The "2007 Retail Shopping Wireless Security Survey" conducted by AirDefense, tested the wireless "perimeters" of 3,000 shops across the United States and parts of Europe. It discovered that of 2,500 wireless devices such as laptops, hand-helds, and barcode scanners detected, 85 percent of these were wide open to hacking.
This is mostly down to data leakage, misconfigured access points, outdated access point firmware, poor naming choices for access points, and a "cookie-cutter" technology approach by large retailers.
The survey also monitored nearly 5,000 access points, and AirDefense discovered that 25 percent were unencrypted. The good news was that 74 percent were encrypted, but 25 percent used Wired Equivalent Privacy (WEP), one of the weakest protocols for wireless data encryption. Forty-nine percent used Wi-Fi Protected Access (WPA) or WPA 2, the two strongest encryption protocols.
As would be expected, the study found that retailers maintained much stronger physical security measures than wireless security.
"Retailers today are much more adept at preventing or minimizing shoplifting by using a layered security approach, but the same can't be said for wireless security, where misconfigured or unencrypted access points were evident in every city," said Mike Potts, president and CEO of AirDefense.
Indeed, it seems that the most common data security lapses involved misconfigured access points that open backdoors to data. Some of the networks were discovered to be fresh out of the box, using default configurations and SSID (Service Set Identification), such as retail wireless, POS Wi-Fi, or store#1234. This is especially dangerous, as it shows hackers that nothing has been changed on these wireless networks.
The importance of securing networks was highlighted last week when a study by security vendor Sophos found that 54 percent of computer users had "piggybacked" on other people's Wi-Fi connections.
Retailer TJX was hit earlier this year by a highly damaging data breach when at least 94 million credit and debit card accounts were stolen from its computers by hackers.
In an effort to help, AirDefense has unveiled a list of 'best practices' that consumers and retailers can use to protect themselves while using their wireless devices at locations offering Wi-Fi networks.
- Sponsored Resource:Are you ready for virtualization? Try the sever assessment tool.
- Sponsored Resource:Stay at home servers. Learn more about a home server for your family.
- Sponsored Resource:Get the communications, data, and security a business needs in one neat package. Learn more.
- Sponsored Resource:Learn more about ultra light notebooks from Asus and the best warranty in the industry.
- Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs.
- Sponsored Resource:Get the truth about remanufactured ink. Learn more from HP.
- Sponsored Resource:Small budget, big impact. Create Brochures that pop with HP laser jets printers.
- Sponsored Resource:Six smart ways to grow small business IT
Community Comments