A survey of over 3,000 retail stores in several major U.S. cities by wireless security vendor AirDefense reveals that a large number of retailers are failing to take even the most rudimentary steps for protecting customer data from wireless compromises.
Among the biggest issues: weakly protected client devices, wrongly configured wireless access points inside stores, data leakage, poorly named network identifiers, and outdated access-point firmware.
According to AirDefense, about 85% of the 2,500 wireless devices that it discovered in retail stores, such as laptops and barcode scanners, were vulnerable to wireless hacks. Out of the 4,748 access points that were monitored for the survey, about 550 had poorly named SSIDs that could give away the store’s identity.
“One thing we did not expect was the large number of point-of-sale devices that looked as if they had been turned on” and left in essentially the configuration in which they arrived at the store, said Richard Rushing, chief security officer at AirDefense.
AirDefense has a list of ‘best practices’ that consumers can use to protect themselves during the online holiday shopping season:
- Turn off the wireless card when not in use.
- If shopping online, ensure that all wireless devices have their internal firewall and AntiVirus/Malware turned on.
- If forced to shop at a public hotspot, consumers should use online providers where they have existing accounts. This might prevent an attacker from getting all of a consumer’s personal information, such as billing address, name, or credit card numbers.
- Only log onto known wireless access points and do not bank or shop online with any frequency from a hot spot such as an airport lounge, coffee shop or library.
- Beware of slow networks, browser error and/or transactions not working because many of these could show signs that someone is trying to take over the hotspot.
- Use your corporate VPN to setup a secure tunnel when connecting at risky and open wireless networks before going on the Internet.
- Enable phishing filters on your browser. Make sure you use the latest and patched version of Internet browsers.
- Use prepaid wireless cards or accounts and register before you use the hotspot.
- Avoid busy hotspots, as these are locations most desirable to setup attacks.
- Use AirDefense Personal (of course).
Consumers often feel safer using their credit cards in stores than online, where hackers are notorious for stealing personal information. But is it really safer? Lesley Stahl reports on 60 Minutes.
Fraud losses related to U.S. e-commerce will top $3.6 billion in 2007, up 20% from last year, according to a report by the vendor CyberSource this month. The increase in dollar loss is due mostly to growing e-commerce sales, as the percentage of transactions that are fraudulent has held steady. The run-up to Christmas and tax filing season are the two most dangerous times of the year, says the company.
Trend Micro’s free HouseCall can scan your computer for viruses, spyware and other malware while PC World reviews the Best Vista Antispyware, 20 Tools to Get the Junk Off Your PC and The 20 (Mostly Free) Downloads You Can’t Do Without.
.gif)
