Retail Wi-Fi open to hacking

Security consultancy AirDefense recently published its "2007 Retail Shopping Wireless Security Survey," which found that most of the wireless devices in use at retail are vulnerable to hacker attacks.

Tests were conducted within the wireless "air space" of 3,000 retailers across the United States. AirDefense discovered more than 2,500 wireless devices such as laptops, hand-helds, and barcode scanners in use by retailers — and 85 percent of those devices could have been compromised or risk stolen data due to data leakage, improperly configured access points, poor naming choices for access points or outdated access point firmware.

The most common data security lapses involved mis-configured access points that open backdoors to data. On several occasions, larger retailers had configured access points to work with WPA but had not switched off WEP, the weakest wireless security protocol. In addition, many retailers use their store name in the SSID, the name assigned by the equipment vendor to the wireless network during installation giving away a retailer's identity. SSIDs can easily be reconfigured but often times are not.

"Retailers around the country are leaving the proverbial barn door open for potential problems should unauthorized individuals desire to steal consumer credit card information and point-of-sale information," said Richard Rushing, the survey organizer and chief security officer, AirDefense.