AirDefense Conducts Comprehensive Study Of Wireless Security

May 6, 2008 2:53 PM

AirDefense, a company in the wireless LAN security market, has unveiled results from its comprehensive study of the wireless airwaves at hundreds of Las Vegas retailers and hotels/casinos. AirDefense found the majority of retailers in Las Vegas using strong encryption protocols to protect data with 65 percent of the 640 Access Points (APs) discovered encrypted with Wi-Fi Protected Access (WPA) or WPA2. In stark contrast, 82 percent of the 1,557 APs discovered in Las Vegas hotels/casinos were using either no encryption or Wired Equivalent Privacy (WEP), the weakest protocol for wireless data encryption.

AirDefense conducted its study of retail shops, hotels/casinos by capturing the data as it leaked out of the buildings. While consequences of the wireless security vulnerabilities found in AirDefense’s Las Vegas study are difficult to quantify, unauthorized individuals with a desire to steal consumer information, retailer data or to disrupt networks are likely to look for the weakest link in the network, such as misconfigured access points.

AirDefense’s recent retail survey in San Francisco illustrates a trend of enhanced wireless security protocols in place as more than 60 percent of retailers use WPA or WPA2. Retailers in Las Vegas and San Francisco are using enhanced encryption protocols well above the national average of 49 percent found in AirDefense’s “2007 Retail Shopping Wireless Security Survey” unveiled in November 2007.

On the downside, many instances were discovered where retailers continue to use their store name in the Service Set Identification (SSID). An SSID is the name assigned by the equipment vendor to the wireless network during installation. SSIDs can easily be reconfigured but often times are not. Store SSIDs emit a broadcast signal for potential intruders to quickly pick up and fraudulently connect to default settings that haven’t been changed. In addition, AirDefense discovered high levels of data leakage as wireless functionality was added and left unprotected increasing the risk of exposing point-of-sale information and consumer credit card information.

“What was most surprising in studying hundreds of locations in Las Vegas is that as serious as retailers are taking wireless security today, the same can’t be said in the majority of hotels/casinos as most are making a poor attempt to secure wireless communications,” says Richard Rushing, chief security officer, AirDefense. “The most egregious findings were unencrypted APs set up to give hotel/casino guests Wi-Fi access, but at the same time giving intruders an opening to expand their beach head to troll for sensitive customer or corporate data.”

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue