Study: Many Retailers Easy To HackNovember 17th, 2007 - 12:01 am ICT by admin
Half of more than 3,000 retail stores that a wireless security company secretly monitored at major shopping areas in the U.S. and Europe use wireless data systems vulnerable to hacking, the company said Thursday.
The data that stores routinely transmit on wireless networks include credit card and Social Security numbers and other sensitive customer information.
AirDefense Inc., an Atlanta-based maker of security products for wireless data systems, found that about 25 percent of the stores’ 4,748 wireless access points were exchanging data with no encryption at all to foil electronic eavesdroppers.
Another 25 percent were using an outdated encryption method called Wireless Equivalent Privacy that is easily cracked by thieves using widely available tools.
The remaining half of the access points — the connections between wireless devices and computer networks — were using newer encryption methods that are considered far harder to crack.
“You can drive down a street with a laptop and easily find wireless access points, and it does not require a great degree of sophistication,” said Avivah Litan, a security analyst with Gartner Inc. “In technical circles, people talk about this all the time, but nobody ever puts it together broadly like this survey.”
Litan, who does not work with AirDefense, said she was familiar with its findings. She called them significant and said the survey of 3,045 stores was the largest involving retailers she is familiar with.
The six-week undercover project — conducted at shopping areas in Atlanta, Boston, Chicago, Los Angeles, New York, San Francisco, London and Paris — attempted to expose security holes in wireless networks that are increasingly used to transmit data inside stores.
Wireless systems are believed to have been the entry points for recent large-scale data thefts at retailers, including a massive heist at discount retailer TJX Cos.
TJX said in March that at least 45.7 million cards were exposed,…
Tags: airdefense, available tools, discount retailer, electronic eavesdroppers, encryption method, gartner inc, security analyst, sensitive customer, shopping areas, technical circles, tjx cos, wireless access points, wireless data systems, wireless networks, wireless systems