Retailers still failing on wireless security

Are data-robbers getting their hands on your access points?

Retailers are dragging their feet when it comes to ensuring wireless networks are safe from hackers, a new survey has claimed.

Thousands of wireless access points (APs) in busy retail centres across the globe are wide open to wireless data-robbers, an annual Motorola wireless security survey found. Almost a third (32 per cent) of 7,940 APs probed were found to be unencrypted, a six percentage point rise on the year before.

A quarter of APs were still using WEP (Wired Equivalent Privacy) - the weakest protocol for wireless data encryption that can be cracked in minutes, said Motorola. And only seven per cent of retailers were found to be using the strongest wi-fi security protocol currently available: WPA2.

Wireless from A-Z

Click here for all there is on wireless, from email to WiMax.

Retailers in London ranked worst out of all the cities surveyed, with only a fraction more than half (51 per cent) of APs in the capital having some form of encryption.

The survey also found more than a fifth (22 per cent) of APs were misconfigured - a rise of nine percentage points on the year before. Some networks were deployed using default configurations and SSID, such as 'Retail Wireless', 'Cash Register', 'POS WiFi', or 'store#1234', and 'Default'. This signals to hackers that nothing has been changed on these devices or the entire wireless network, said Motorola.

The survey was conducted by Motorola during the third and fourth quarters of 2008, with 4,000 stores in cities including Atlanta, Boston, Chicago, London, Los Angeles, New York City, San Francisco, Paris, Seoul and Sydney surveyed.