IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
News

London worst for retail wireless security

The latest research has found retailers are learning the lessons of last year’s TJX hack and improving their wireless network security, but London lags behind.

London has come in at the bottom of the pile when it comes to wireless security protection used by retailers, according to the second annual survey of 4,000 stores in some of the world's busiest shopping cities.

The research also found 44 per cent of the wireless devices used by retailers such as laptops, mobile computers and barcode scanners could be compromised.

This was still significantly lower than the 85 per cent of wireless devices that had security vulnerabilities in the same survey last year, around the same time as details of the Wi-Fi hack at US retailer TJX, causing one of the biggest known theft of credit card details in the world.

Motorola scanned the airwaves at major shopping centres across the US and in London, Paris, Seoul and Sydney for the presence of wireless networks using systems from the wireless local area network (WLAN) network security provider, AirDefense it acquired in September last year.

The Motorola AirDefense survey monitored 7,940 access points (APs) and found 32 per cent were unencrypted, compared to 26 per cent in last year's survey.

London was ranked the lowest in terms of retail wireless security, where only 51 per cent of APs scanned using some form of encryption. Retailers in Los Angeles and New York came out top, deploying some form of encryption on 77 per cent of their wireless APs and Paris ranked second with 76 per cent.

Overall, a quarter (25 per cent) were still using Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption.

But new WEP deployments are prohibited by version 1.2 of the Payment Card Industry (PCI) Data Security Standard (DSS) in any part of the cardholder data environment (CDE) beyond 31 March 2009 and must eliminated from the CDE by 30 June 2010.

The research pointed out that, by using the same technology, configuration, security and naming conventions at every retail location, merchants can essentially repeat vulnerabilities across the store chain, rendering them non-PCI compliant and susceptible to attack.

Richard Rushing, Motorola Mobile Devices senior director of information security said that, despite an improvement on the numbers of vulnerable wireless devices found, "a significant majority of retailers are still susceptible to a network intrusion".

"[It's] a sign that wireless security remains an afterthought for many," he added.

A further 12 per cent of all APs monitored were using Wi-Fi Protected Access (WPA) security protocol protection, while 27 per cent were using WPA-PSK (pre-shared key), which can only be as strong as the shared password used to protect them. Overall, only seven per cent of retailers were using WPA2, the strongest Wi-Fi security protocol available today.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

CronRat Magecart malware uses 31st February date to remain undetected
malware

CronRat Magecart malware uses 31st February date to remain undetected

26 Nov 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022