AIRDEFENSE’S COMPREHENSIVE SURVEY OF 3,000 RETAIL STORES FINDS MANY WIRELESS DATA SECURITY VULNERABILITIES AS HOLIDAY SHOPPING SEASON NEARS Thursday 15 November 2007 PDF Print Atlanta, November 15, 2007. As the 2007 holiday shopping season officially gets underway, AirDefense, the innovator that launched the wireless LAN security market, today unveiled results from its comprehensive “2007 Retail Shopping Wireless Security Survey” of wireless data security and physical security practices in place at more than 3,000 stores nationwide and also in parts of Europe. Cities monitored were Atlanta, Boston, Chicago, Los Angeles, New York City, San Francisco, London and Paris. Research was conducted in some of the busiest shopping areas in the country, including: Rodeo Drive in Beverly Hills, Madison Avenue and 5th Avenue in New York City, Michigan Avenue in Chicago, Union Square and Market Street in San Francisco. AirDefense discovered more than 2,500 wireless devices such as laptops, hand-helds, and barcode scanners in use by retailers. Surprisingly, 85 percent of the devices could have been compromised or risk stolen data due to data leakage, mis-configured access points, poor naming choices for access points, outdated access point firmware and a “cookie-cutter” technology approach by large retailers. This type of approach occurs when the same technology is used in all retail locations so vulnerabilities will repeat themselves across the entire store’s chain. Consequences of the wireless security vulnerabilities found in AirDefense’s “2007 Retail Shopping Wireless Security Survey” are difficult to quantify. However, unauthorized individuals with a desire to steal consumer information or retailer data are likely to look for the weakest link in the network, such as misconfigured access points. Some of the networks that were discovered were fresh out of the box, using default configurations and SSID (Service Set Identification), such as retail wireless, POS WIFI, or store#1234. This sends out a signal to someone with a desire to commit fraud that nothing has been changed on these devices and the entire wireless network. Data leakage occurs when companies add wireless functionality onto an existing wired network. Point-of-sale information on products and possibly consumer credit card information can leak onto the wireless airwaves and be stolen. Also, in advance of the holiday shopping season, AirDefense today unveiled a list of ‘best practices’ that consumers can use to protect themselves while using wireless devices at locations offering WIFI including: airports, libraries, coffee shops and convention centers. The complete list is available by logging onto: http://www.airdefense.net/newsandpress/11_15_07_1.php. Also, as part of the “2007 Retail Shopping Wireless Security Survey,” AirDefense monitored nearly 5,000 access points, the hardware that connects wireless devices to wired computer networks. AirDefense discovered 25 percent were unencrypted while 74 percent were encrypted. Also, 25 percent of retailers use Wired Equivalent Privacy (WEP), one of the weakest protocols for wireless data encryption. Forty-nine percent were using WIFI Protected Access (WPA) or WPA 2, the two strongest encryption protocols for prevention against theft. AirDefense also discovered that most retailers seem to maintain stronger physical security than wireless security as 95 percent of retailers had some form of physical security system in place such as an RFID security alarm. In addition, nearly 70 percent had security cameras installed and roughly 10 percent employed guards at exit doors. “Our comprehensive survey shows a striking imbalance between wireless security and physical security best practices at mainstream retail stores,” said Mike Potts, president and CEO, AirDefense. “Retailers today are much more adept at preventing or minimizing shoplifting by using a layered security approach, but the same can’t be said for wireless security, where mis-configured or unencrypted access points were evident in every city.” The most common data security lapses involved mis-configured access points that open backdoors to data. On several occasions, larger retailers had configured access points to work with WPA but had not switched off WEP, the weakest wireless security protocol. In addition, many retailers use their store name in the SSID, the name assigned by the equipment vendor to the wireless network during installation giving away a retailer’s identity. SSID’s can easily be reconfigured but often times are not. Also, large retailers often times use the same security technologies at all locations nationwide, so one security vulnerability in New York is also visible in Los Angeles or Atlanta. Data leakage, involving unencrypted data and encrypted data, was also visible in addition to protocols such as IPX, NetBIOS and SNA, proprietary protocols that let devices communicate across different networks. “Retailers around the world are leaving the ‘proverbial’ barn door open for potential problems should unauthorized individuals desire to steal consumer credit card information and point-of-sale information,” said Richard Rushing, the survey organizer and chief security officer, AirDefense. “Protecting consumer and retailer information is the most important job for retailers. A layered wireless security approach is the only way to prevent proprietary information from disappearing.” About AirDefense AirDefense is the market leader in anywhere, anytime wireless security. The company is trusted by more Fortune 500 companies, healthcare organizations and high-security government agencies for enterprise wireless protection than any other company. AirDefense products provide the most advanced solutions for rogue wireless detection, policy enforcement and intrusion prevention, both inside and outside an organization’s physical locations and wired networks. Common Criteria-certified, AirDefense enterprise-class products scale to support single offices as well as organizations with hundreds of locations around the globe. Founded in 2001, AirDefense is based in Atlanta, GA, and serves 700 government agencies and blue chip corporations. For more information, please visit http://www.airdefense.net or call +1 770.663.8115. AirDefense Contacts: Michael Wolf ITGS Tel:- 01235 835777 This press release was distributed by ResponseSource Press Release Wire on behalf of ITGS PR (UK) in the following categories: Consumer Technology, Computing & Telecoms, for more information visit http://pressreleasewire.responsesource.com/about.