[ISN] Wireless LAN scan finds big security holes in NYC retailers' wireless nets

From: InfoSec News (alerts@private)
Date: Wed Jan 16 2008 - 01:16:55 PST


http://www.networkworld.com/news/2008/011508-retailer-wlan-security.html

By John Cox
NetworkWorld.com
01/15/08

There's bad news for some retailers at this week's National Retail 
Federation trade show in New York City, where WLAN security company 
AirDefense disclosed the findings of its four-day scan of local 
retailers' wireless nets.

Security for retail wireless nets is still bad, though improving, 
AirDefense found after scanning nearly 800 stores in the five NYC 
boroughs between Thursday, Jan. 10 and Sunday, Jan. 13.

About one third of the stores had no security at all, not even the 
minimal encryption provided by the flawed Wired Equivalent Privacy (WEP) 
protocol. Another third had weak encryption, such as WEP or the 
pre-shared key mode of the Wi-Fi Protected Access (WPA PSK) 
specification, which was originally intended as basic security for home 
or SOHO WLANs.

The final third showed a quantum improvement, according to AirDefense 
Chief Security Officer Richard Rushing: the more advanced WPA2 
specification, with 802.1X authentication brought down to every device, 
including handhelds, on the WLAN, and AES encryption, the strongest 
commercially available today. "These are the first retail stores we've 
seen with bulletproof [wireless] security," Rushing says.

Rushing has surveyed large retailers in sections of Manhattan in the 
past. The new scan was focused on smaller stores, 771 in all, in malls 
and shopping centers throughout the five boroughs. Rushing walked around 
with his notebook PC running the AirDefense monitoring and analysis 
software, simply observing the WLAN traffic in each store. No attempt 
was made to connect to any of the nets or launch penetration attacks.

In many of the sites, where the only network may be a DSL broadband 
router, Rushing also frequently found unprotected rogue access points 
deployed. He speculates that many of them are brought into stores so 
employees can run applications, make VoIP calls or get Internet access 
when not dealing with customers. But apparently, these unprotected 
devices are unknown to the store owners or managers, creating gaping net 
security holes. (Learn more about WLAN security in our Wireless LAN 
Security Buyer's Guide. [1])

Another noticeable problem with the first two groups was that radio 
signals -- and thus access to the unprotected access points and 
unencrypted traffic -- spilled well beyond the walls of the store. 
Attackers could set up shop outside, snoop on the WLAN traffic, and 
collect MAC addresses and other data that could be used to hack deeper 
into the store's net, servers and data.

Based on the survey findings, many of these stores that take credit 
cards may not measure up to the PCI Data Security Standard, mandated by 
payment card companies.

Rushing is sympathetic, up to a point, to the special issues that hamper 
retail wireless security. Few retailers can afford to scrap legacy nets 
and devices and replace them wholesale. In addition, older wireless 
barcode scanners and other handhelds often lack the memory or processing 
power to support any security other than WEP, for example. These devices 
would have to be replaced with new ones that can.

In addition, stores may need to add much more complex security 
frameworks, such as Public Key Infrastructure, RADIUS servers and the 
like.

Finally, point-of-sale devices such as cash registers are still clearly 
visible on these weakly defended retail nets, according to Rushing. "This 
tells me that segmenting these devices behind firewalls on secure nets 
is not being done, even though PCI mandates this," he says. "Or, if it is 
being done, it's being done ineffectively."

While the survey clearly is intended as a marketing tool for AirDefense's 
WLAN security software, the new results are broadly similar to findings 
of a 2007 survey of 3,000 stores in eight U.S. and European cities, also 
done by AirDefense.

Weak WLAN security was the entry point for hackers in the TJX Corp. data 
theft, in which nearly 46 million credit card numbers were stolen.

All contents copyright 1995-2008 Network World, Inc.

[1] http://www.networkworld.com/buyersguides/guide.php?cat=873941

