Nearly half of wireless networks used by retailers are vulnerable to attacks and data-thieves, according to a new study released today.
Of retailers studied in some of the world's busiest shopping districts, 44 percent of wireless devices used by retailers used inferior encryption, mis-configured equipment, or no encryption at all. While high, retailers have made a marked improvement from last year's results, where 85 percent of retailers were vulnerable.
Retailers nationwide are improving wireless security, as quantified by the significant drop in vulnerable wireless devices that were discovered during this year's monitoring efforts, said Rushing, Motorola's senior director of information security for mobile devices.. However, a significant majority of retailers are still susceptible to a network intrusion—a sign that wireless security remains an afterthought for many.
The Motorola survey conducted by Rushing included a review of wireless data security at more than 4,000 stores cities around the world, including Atlanta; Boston; Chicago; Los Angeles; New York; San Francisco; London; Paris; Seoul, South Korea; and Sydney, Australia.
While 68 percent of the sites were using some form of encryption for their laptops, mobile computers and bar-code scanners, 25 percent of those were still using outdated WEP (Wired Equivalent Protocol) deployments, the weakest protocol for wireless data encryption.
Altogether, Motorola discovered almost 8,000 APs, with 22 percent of them misconfigured. Another 10 percent of the AP's SSIDs (Service Set Identifiers) were poorly named, which makes it relatively easy for potential data thieves to zero in on the store's identity. More than 32 percent of retailers had unencrypted data leakage, while 34 percent had encrypted data leakage.
As wireless exploded over the last few years, retailers had a bunch of devices that connected to the [store's] network, Rushing said. Then, you didn't have people who knew both wireless and security. The security model is just coming into play the last two to three years.
The fact that retailers adopted common practices across all of their stores exacerbated the problem.
The bad guys had a huge head start, Rushing said. We've caught up with them, but we're not necessarily ahead of them.